{"id":30194,"date":"2022-10-21T15:08:54","date_gmt":"2022-10-21T19:08:54","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=509213"},"modified":"2022-10-25T09:58:55","modified_gmt":"2022-10-25T13:58:55","slug":"cyber-security-today-week-in-review-for-friday-oct-21-2022","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-oct-21-2022\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, Oct. 21, 2022"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. From Toronto, this is the Week in Review edition for the week ending Friday October 21st. 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"1\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24755997\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"2\">\n<p data-ar-index=\"3\">In a few minutes David Shipley of Beauceron Security will join me to discuss recent cybersecurity news. But first a look back at some of the headlines from the past seven days:<\/p>\n<p data-ar-index=\"4\"><strong>A mistake<\/strong> by a city of Hamilton employee<a href=\"https:\/\/www.itworldcanada.com\/article\/hamilton-employee-mistakenly-sends-email-blast-with-all-names-and-addresses-visible\/508029\" rel=\"noopener\"> allowed 450 recipients of an email to see the names and email addresses of everyone the email went to<\/a>. David and I will talk about why people still don\u2019t know how to use the Blind Carbon Copy feature of email systems.<\/p>\n<p data-ar-index=\"5\">We\u2019ll also talk about the risks of using real customer data when testing applications <a href=\"https:\/\/www.watoday.com.au\/technology\/online-wine-seller-vinomofo-suffers-major-data-breach-20221018-p5bqlf.html\" rel=\"noopener\">after an Australian company admitted its test customer data file was stolen.<\/a><\/p>\n<p data-ar-index=\"6\">And we\u2019ll look <a href=\"https:\/\/www.itworldcanada.com\/article\/most-canadian-firms-hit-by-ransomware-tell-statscan-they-didnt-pay-up-experts-are-skeptical\/509169\" rel=\"noopener\">at this week\u2019s data from Statistics Canada<\/a> on the number of cyber incidents that hit businesses here. Eighteen per cent of the 8,000-plus respondents said their firm was impacted by a cyber attack last year.<\/p>\n<p data-ar-index=\"7\"><strong>In other news,<\/strong> members of Canada\u2019s Parliament still had limited access to some interet-based services on Thursday. That was a week after an unnamed cyber threat was detected on the IT system that serves the House of Commons and the Senate. All MPs, Senators and others on the network were forced to reset their passwords. The office of the Speaker of the House of Commons said there is no indication that the accounts of members of Parliament were compromised. An investigation continues.<\/p>\n<p data-ar-index=\"8\"><a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/archive-sidestepping-self-unlocking-password-protected-rar\/\" rel=\"noopener\"><strong>Researchers at Trustwave warned<\/strong><\/a> that password-protected ZIP files are increasingly being used as a tactic for spreading malware. The files come as an email attachment that\u2019s supposed to be an invoice. Password-protected files are a way threat actors try to get around spam defences. The payload could be a backdoor, a cryptomining application or ransomware.<\/p>\n<p data-ar-index=\"9\"><strong>Those behind<\/strong> what some researchers call the Ursnif malware have changed their attack tool. It used to primarily be malware for stealing bank account passwords. But <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/rm3-ldr4-ursnif-banking-fraud\" rel=\"noopener\">researchers at Mandiant say<\/a> the latest variant drops a generic backdoor that allows entry into victim\u2019s IT systems. This suggests the developers now aim to have their malware used for distributing ransomware. The report includes indicators of compromise to help security teams detect this malware.<\/p>\n<p data-ar-index=\"10\"><b>Finally, researchers at <\/b><a href=\"https:\/\/www.safebreach.com\/resources\/blog\/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor\/\" rel=\"noopener\">SafeBreach discovered<\/a> a new PowerShell backdoor that is being distributed through an emailed job application. The recipients might be getting the emails by responding to a phony job offer on LinkedIn. What\u2019s worrisome is this backdoor has \u2014 until now \u2014 been undetected. One of the commands the backdoor can execute is to access Active Directory to count how many users are in the victim organization and how many instances of Windows remote desktop there are. The researchers believe 100 victims have been targeted in this scheme.<\/p>\n<p data-ar-index=\"11\"><em>(The following transcript has been edited for clarity. To hear the full discussion play the podcast)<\/em><\/p>\n<p data-ar-index=\"12\"><strong>Howard:<\/strong> This was in some ways a week like any other in cybersecurity: News about data breach, data thefts and blunders by employees. A bit disheartening during Cyber Security Awareness Month.<\/p>\n<p data-ar-index=\"13\">We\u2019ll start with a report about an employee of the city of Hamilton, Ontairio doing what many company staffers do: Sending out an email to 450 people on a list. Except this staffer didn\u2019t use the Blind Carbon Copy option in the email. Instead, the of names and email addresses was pasted into the \u2018To\u2019 section for recipients. So all 450 people the message went to were able to see the names and email addresses of the others it went to. Had they used the BCC option, recipients would only have seen their own email address. Blind Carbon Copy limits lists of email addresses to be viewed to only one at a time. David, what did you think when you heard of this?<\/p>\n<p class=\"western\" data-ar-index=\"14\"><strong>David:<\/strong> First of all, BCC is the demon of email because it\u2019s either used for passive-aggressive purposes, or as in this case, it will bite people because they meant to BCC but they put it in the C or the \u2018To\u2019 field. This happens to every single organization. If it hasn\u2019t happened to yours yet, it\u2019s only a matter of time. It\u2019s one of the oldest privacy breach mistakes in the digital book and it\u2019s a combination of human error and bad process. It\u2019s vital organizations not to treat their email platform as the communications hammer for every single problem or use case when communicating with clients \u2014 or in this case with citizens. It\u2019s important to use tools that have security and privacy controls baked in, like using a customer relationship management platform or a mass mailing platform like Mailchimp. That ensures that an individual gets their own dedicated message with no chance of people seeing other people\u2019s information. And this is just a regular reminder that Microsoft\u2019s Exchange message \u2018Recall\u2019 function doesn\u2019t work when you\u2019re sending messages outside of your organization. There\u2019s no \u2018Undo\u2019 this kind of mistake. And the \u2018Recall\u2019 function works really poorly when sending something even within an organization.<\/p>\n<p class=\"western\" data-ar-index=\"15\"><strong>Howard:<\/strong> It could have been worse. You know the message in the Hamilton email as far as I know didn\u2019t have any personal information. It was about instructions for voting by mail for the upcoming municipal election. But, someone with criminal intent could have used that list of email addresses to send spam or sold the list to a crook.<\/p>\n<p class=\"western\" data-ar-index=\"16\"><strong>David:<\/strong> This is an important point when evaluating privacy breaches that\u2019s often overlooked: Something in Canada called the real risk of significant harm, or the RROSH. It\u2019s a harm test that makes the difference between whether you absolutely have to report a privacy breach to a federal or provincial privacy commissioner. For example, if you get hit by ransomware and they extract a bunch of personal data from your environment there is a real risk of significant harm to identifiable people. If an employee accidentally sees information they shouldn\u2019t have maybe there\u2019s a lower risk and you don\u2019t hit that real risk of significant harm threshold. In this case I think the risk overall is low. However, it\u2019s still a good idea to engage the privacy commissioner if you have an event like this. Why? Because the privacy commissioner is not just there to rap people on the knuckles. They often provide really good advice and that help find gaps in an organization\u2019s people, process or technology, and lessons you can learn to avoid future privacy headaches.<\/p>\n<p class=\"western\" data-ar-index=\"17\"><strong>Howard:<\/strong> In this case, the municipality had to report to the provincial privacy commissioner under Ontario\u2019s municipal privacy law.<\/p>\n<p class=\"western\" data-ar-index=\"18\"><strong>David:<\/strong> Again, it\u2019s not a bad idea It\u2019s the best free advice you\u2019re going to get from professionals. And here\u2019s a crazy thought: Do something proactive, not after you have an incident. Talk about the processes your organization may have and what risks might be out there. If you\u2019re messaging large groups on a regular basis make sure you know how to do so safely.<\/p>\n<p class=\"western\" data-ar-index=\"19\"><strong>Howard<\/strong>: Because this is a common problem, is it a matter of every time a staff member in any organization is asked to send out an email blast to a large number of people that a senior person should remind them, \u2018This is the proper way to do it. Make sure that that you put that list into the Bcc\u2019? And as I ask the question I\u2019m thinking at the same time, what if it was a senior person who did this in Hamilton?<\/p>\n<p class=\"western\" data-ar-index=\"20\"><strong>David:<\/strong> It\u2019s vital for senior leaders \u2014 particularly in private sector firms and executives and directors \u2014 to be aware when anyone is being tasked to send mass communications that might commercial nature. There are other laws that have even more teeth than privacy laws. In Canada there\u2019s the Canadian Anti-Spam Legislation, known as CASL. It demands that people who are in communication roles are trained how to do it properly if the email or text messages are commercial. Executives and directors who aren\u2019t paying attention to the people delivering these kinds of messages can be held individually liable for breaches of the legislation. Lots of Canadian businesses mass email, and they may not be paying attention both to the privacy and the anti-spam aspects.<\/p>\n<p class=\"western\" data-ar-index=\"21\"><strong>Howard:<\/strong> News item number two: A database of real customer data was stolen from an application testing server belonging to an Australian wine distributor. The company said that the data included customers\u2019 names, addresses, dates of birth and phone numbers. This is great data for crooks for sending out phishing messages or for creating phony ID. The incident happened last month and was only reported this week. It happened during a test of a system upgrade. The company was defensive. They said that given the scale of this upgrade and in line with industry practice a customer database was used to critically test the platform. This raises an old question: Should developers use real data or phony data when they\u2019re testing their applications?<\/p>\n<p class=\"western\" data-ar-index=\"22\"><strong>David:<\/strong> Hell no, absolutely not. Can I say that any stronger? You can create artificial data. Yes, it does take time and effort to build a script that\u2019s useful,l but you can do scale testing using generated data. This is a common mistake startups make early in their life, and like the Bcc story earlier, eventually somebody makes a mistake in configuration and out the door goes customer data. Using real data in a test will always bite you in the backside.<\/p>\n<p class=\"western\" data-ar-index=\"23\"><strong>Howard<\/strong>: In this case, the company said the test data wasn\u2019t connected to the company\u2019s website, as if that made a difference because the crook somehow got access to the test server and they got the data anyway.<\/p>\n<p class=\"western\" data-ar-index=\"24\"><strong>David:<\/strong> Most big data breaches that we see come from insecure cloud environments. It\u2019s not about the website per se. It could be how an Amazon S3 bucket is configured or other aspects of the cloud environment \u2026 But if you\u2019re running test and it\u2019s the same data as production and you\u2019re not watching it, you\u2019re going to get bit. This is where things like developers spinning up instances and grabbing data. It [cybersecurity] is people and process and technology.<\/p>\n<p class=\"western\" data-ar-index=\"25\"><strong>Howard:<\/strong> In doing the research for this item I <a href=\"https:\/\/timross.wordpress.com\/2008\/04\/20\/the-importance-of-using-real-test-data\/\" rel=\"noopener\">came across a blog by a New Zealand application developer<\/a> who maintained that test data has to reflect real data that\u2019s going to be used in production. He recalled working on an application that was developed using supplied test data that was meaningless, so much so that when real data was used to test the application when it was close to going into production the application didn\u2019t work. So he argues that the lesson is test data has to accurately reflect the real data that\u2019s going to be used in production. But if that\u2019s so, how does the organization protect itself?<\/p>\n<p class=\"western\" data-ar-index=\"26\"><strong>David:<\/strong> Here\u2019s an example using my company: We created artificial data for testing. We know all the fields involved in our product, a security awareness platform. We created a series of scripts that can populate up to a 100,000 people \u2014 fake names, first name, last name, fake job titles \u2013and it looks like the real data. But there\u2019s absolutely no risk to us or our clients. I can\u2019t think of a use case where you can\u2019t create suitable artificial data.<\/p>\n<p class=\"western\" data-ar-index=\"27\"><strong>Howard:<\/strong> News item three: I\u2019m going to go back and in time just a little bit but I want your opinion. At the SecTor cybersecurity conference in Toronto earlier this month one speaker I heard <a href=\"https:\/\/www.itworldcanada.com\/article\/forget-ransomware-call-it-a-multi-stage-extortion-campaign\/508653\" rel=\"noopener\">said the following<\/a>, and here I\u2019m paraphrasing: If your organization suffers a significant breach because a user was phished and the steps that the threat actor took to get that data were pretty simple and the security or IT team didn\u2019t see what was happening it\u2019s not the user\u2019s fault. Your security architecture needs to be looked at. What do you think?<\/p>\n<p class=\"western\" data-ar-index=\"28\"><strong>David:<\/strong> It raises a really important point. When we talked in the 70s and 80s about the positioning of gas tanks in vehicles and if there was a side impact on a particular manufacturer\u2019s truck it exploded, it wasn\u2019t the fault of the driver because they ended up getting into an accident. The reason it became a catastrophic accident was the engineering design of the gas tank. Similarly, in the recent Uber breach a person got phished and their credentials were captured and hackers Uber\u2019s environment, where they found scripts with passwords. Really successful organizations that look at security awareness don\u2019t just tell people that phishing is a thing to look for, they build and sustain a security culture. They look at how it can be applied throughout their organization, including the security architecture choices. It means giving people the time, the money and the resources to ensure that the security architecture is secure. The Swiss cheese of security awareness teaching is getting users to avoid phishing. That can be your first layer of defence. Your second layer is your architecture and your technology controls.<\/p>\n<p class=\"western\" data-ar-index=\"29\"><strong>Howard:<\/strong> This is another argument for \u2018Don\u2019t blame the employee.\u2019 On the other hand, the speaker\u2019s argument had a certain number of \u2018ifs,\u2019 like, \u2018if the attack is simple and the attacker doesn\u2019t have to get past complex defences by using complex techniques.\u2019 But doesn\u2019t that describe a lot of successful attacks?<\/p>\n<p class=\"western\" data-ar-index=\"30\"><strong>David:<\/strong> It does. It takes a combination of all the right things falling into place. My analogy for being on the defensive end of cybersecurity is being the goalie for an NHL team and you\u2019re the only player allowed on the ice \u2014 and the attackers get to fire as many shots on goal as they like. Some of them might be easy and some of them might be really amazing shots, but you as the goalie have just got to get wrong once and they score. If your organization get a phishing test click rate below five per cent you\u2019re lowering those shots on goal.<\/p>\n<p class=\"western\" data-ar-index=\"31\"><strong>Howard:<\/strong> The final news story I want to look at was the survey Statistics Canada put out this week on cyber incidents suffered by Canadian businesses in 2021. This wasn\u2019t the usual vendor survey of a couple hundred organizations. There were over 8000 respondents. Here are some of the numbers: Last year 18 percent of responding Canadian businesses said they were impacted by cybersecurity incidents. That compared to 2 per cent of Canadian businesses in both 2019 and 2017. What stood out to you in this report?<\/p>\n<p class=\"western\" data-ar-index=\"32\"><strong>David:<\/strong> We saw about a 14 per cent decline in organizations reporting that they\u2019d been impacted by a cybersecurity event. [The percentage change between 21 per cent in 2019 and 18 per cent in 2021 is a three per cent drop, but compared to the original number its 14 per cent of 21]. That was positive. But the report also says that in 2019 the private sector was spending just under $7 billion on cybersecurity. The amount had jumped by 40 per cent to just shy of $10 billion in 2021. That\u2019s a hell of an increase in spending on cybersecurity. We dramatically increased spending, but the cost to businesses [of incidents] was $400 million in 2019, which skyrocketed 50 per cent to $600 million in 2021. So let\u2019s just recap: We spent 40 per cent more and we had 50 per cent larger losses. And interestingly enough, the number of businesses reporting that they spent something on cybersecurity only went up by one per cent 62 per cent in 2021 compared to 61 per cent in 2019. They spent more on cybersecurity and still lost more. Which tells me that individual incidents continue to get more expensive. That matches some industry research.<\/p>\n<p class=\"western\" data-ar-index=\"33\"><strong>Howard:<\/strong> What struck me were the numbers around ransomware. Eleven per cent of the 18 per cent of Canadian businesses who said that they were impacted by a cyber security event were hit by ransomware. That\u2019s less than two of the total number of those who said they were impacted. The other thing that I found quite notable was that of those who were hit by ransomware 82 per cent said that they did not pay a ransom.<\/p>\n<p class=\"western\" data-ar-index=\"34\"><strong>David:<\/strong> I don\u2019t believe that number. The reason why is it\u2019s so different than all of the private sector studies. In fact <a href=\"https:\/\/www.cira.ca\/resources\/cybersecurity\/report\/2022-cira-cybersecurity-survey\" rel=\"noopener\">CIRA, the Canadian Internet Registry Authority just published a report<\/a> with a smaller sample size \u2014 500 respondents \u2013but they\u2019re saying 70 per cent of people who got hit with ransomware paid. Other industry studies put this at 50, 70 per cent. We\u2019ve seen that people can be really skittish about telling the government that they paid, even to the point where you reported a week ago the RCMP tried to give money back from the Netwalker ransomware attacks to Canadian victims and they wouldn\u2019t take it. I don\u2019t buy 82 per cent of firms didn\u2019t pay the ransom\/<\/p>\n<p class=\"western\" data-ar-index=\"35\"><strong>Howard:<\/strong> On the other hand the difference between an industry study and a Statistics Canada study is it\u2019s an offence not to be honest to Statistics Canada<\/p>\n<p class=\"western\" data-ar-index=\"36\"><strong>David:<\/strong> But if you paid a ransom to a group that was on a sanctions list, you\u2019re not going to say [publicly] we paid.<\/p>\n<p class=\"western\" data-ar-index=\"37\"><strong>Howard:<\/strong> The other noteworthy thing in this survey was that only 10 percent of businesses that were impacted by a cybersecurity incident said they reported it to police \u2014 and that was down two percentage points from 2019. Police are eager to hear from corporate victims of cybercrime because it helps them understand the extent of the problem and they can get together internationally and take down some of the infrastructure of these criminal groups.<a href=\"https:\/\/www.itworldcanada.com\/article\/why-call-police-after-a-cyber-attack-because-theyre-waiting-for-you\/507885\" rel=\"noopener\"> A panel of Canadian and U.S. police officials that I covered at a Toronto cybersecurity conference earlier this month made that point.<\/a> The police said we\u2019re waiting for your phone calls.<\/p>\n<p class=\"western\" data-ar-index=\"38\"><strong>David:<\/strong> That decline is very significant. That would be a 20 per cent drop [2021 compared to 2019]. Some of that is increasingly cyber insurers say what you can and can\u2019t communicate to police if you want to maintain your coverage. That\u2019s bad. I have significant concerns about that. Second, as we talked about before, even when the cops have your money [recovered from paying a ransom] and they try to give it back firms still don\u2019t want it. There is deep fear that if this gets out it\u2019s going to cause a reputational hit to the organization \u2014 plus they didn\u2019t admit it [the ransomware attack] in the first place.<\/p>\n<p class=\"western\" data-ar-index=\"39\"><strong>Howard:<\/strong> Finally I want to note that this survey left out federal, provincial, local governments, school boards. This was just a survey of businesses. I wonder how much that would have changed the numbers.<\/p>\n<p class=\"western\" data-ar-index=\"40\"><strong>David:<\/strong> I think it would have a big impact on how many paid ransoms. The CIRA report makes a point of dividing businesses from the public sector in some of their responses. The sample size of 500 is not the same as the StatCan report but there\u2019s some really interesting data in there as well.<\/p>\n<p data-ar-index=\"41\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-oct-21-2022\/509213\">Cyber Security Today, Week in Review for Friday, Oct. 21, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features a discussion on a common mistake in using email, the risks of using real customer data when testing applications and the latest cyber incident statistics<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,401,561],"class_list":["post-30194","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-mandiant","tag-trustwave"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=30194"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30194\/revisions"}],"predecessor-version":[{"id":30223,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30194\/revisions\/30223"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=30194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=30194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=30194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}