{"id":31792,"date":"2022-11-25T15:33:02","date_gmt":"2022-11-25T20:33:02","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=515191"},"modified":"2022-11-28T09:01:40","modified_gmt":"2022-11-28T14:01:40","slug":"cyber-security-today-week-in-review-for-friday-november-25-2022","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-november-25-2022\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, November 25, 2022"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, November 25th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"1\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25127079\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"2\">In a few minutes Terry Cutler of Montreal\u2019s <a href=\"https:\/\/www.cyologylabs.com\/\" rel=\"noopener\">Cyology Labs<\/a> will be here with commentary on events. But first a review of some of what happened in the last seven days:<\/p>\n<p data-ar-index=\"3\"><strong>A fantasy sports betting website<\/strong> called DraftKings <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/draftkings-account-takeovers-frame-sports-betting-cybersecurity-dilemma\" rel=\"noopener\">is blaming its users<\/a> for re-using their passwords as the cause of the theft of US$300,000 from their accounts. Terry and I will discuss if there\u2019s more to it than that.<\/p>\n<p data-ar-index=\"4\"><strong>We\u2019ll also look at<\/strong> a couple of recent ransomware attacks. And we\u2019ll offer advice on safe online holiday shopping.<\/p>\n<p data-ar-index=\"5\"><strong>Also this week,<\/strong> <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/action-against-criminal-website-offered-%E2%80%98spoofing%E2%80%99-services-to-fraudsters-142-arrests\" rel=\"noopener\">an international police effort has closed the criminal iSpoof website<\/a>, a service that allowed crooks to make calls that spoofed the phone numbers of business and government officials, as well as to intercept passcodes for two-factor authentication. The site\u2019s main administrator was arrested in the U.K. in an operation that also saw the arrests of over 140 people. Authorities estimate victims around the world lost about $160 million from iSpoof\u2019s operations.<\/p>\n<p data-ar-index=\"6\"><strong>Separately,<\/strong> police around the world also arrested almost 1,000 suspects believed to have been committing online scams. And they seized $130 million as well. <a href=\"https:\/\/www.interpol.int\/News-and-Events\/News\/2022\/Cyber-enabled-financial-crime-USD-130-million-intercepted-in-global-INTERPOL-police-operation\" rel=\"noopener\">It was done in a combined operation under Interpol<\/a>, the international police co-operative. While most of the suspects ran voice phishing, romance scams, sextortion and investment frauds, one group was more imaginative: They impersonated Interopol officers, tricking victims into transferring almost $150,000 to them through banks and cryptocurrency exchanges.<\/p>\n<p data-ar-index=\"7\"><strong>Ten people were charged <\/strong>in the U.S. with <a href=\"https:\/\/www.justice.gov\/opa\/pr\/10-charged-business-email-compromise-and-money-laundering-schemes-targeting-medicare-medicaid\" rel=\"noopener\">allegedly being involved in a multi-million dollar Medicare and Medicaid email scam<\/a>. The con involved sending emails to public and private health insurance programs that looked like they came from real hospitals. The insurers were told to send payments to the hospitals\u2019 new bank accounts \u2014 accounts that were set up by crooks.<\/p>\n<p data-ar-index=\"8\"><strong>Microsoft warned<\/strong> that a long-discontinued web server called Boa filled with vulnerabilities <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/22\/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments\/\" rel=\"noopener\">is still being used<\/a> in industrial products around the world. That means it poses dangers to millions of organizations. The Boa web server can be found in internet-of-things devices. It\u2019s also tucked away in some software development kits. The problem: Microsoft continues to see attackers attempting to exploit Boa vulnerabilities.<\/p>\n<p data-ar-index=\"9\">R<a href=\"https:\/\/unit42.paloaltonetworks.com\/luna-moth-callback-phishing\/\">esearchers at Palo Alto Networks<\/a> warned that employees are being tricked into downloading remote management tools under the guise of legitimate software. Using those tools a threat actor finds and copies sensitive data. They send an extortion note to the organization, demanding money or the copied data will be publicly released.<\/p>\n<p data-ar-index=\"10\"><strong>Thirty-four Russian-speaking threat groups<\/strong> are distributing malware capable of stealing passwords and other data. <a href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/professional-stealers\/\" rel=\"noopener\">That\u2019s according to researchers at Group-IB.<\/a> In the first seven months of this year alone the gangs infected almost 900,000 devices and stole over 50 million passwords. The malware they use can also steal cookie files, credit card numbers, data from cryptocurrency wallets and passwords for gaming services like Steam, Epic Games and Roblox.<\/p>\n<p data-ar-index=\"11\"><strong>Finally,<\/strong> if you have an internet-connected video camera in or outside your home Canada\u2019s privacy commissioner <a href=\"https:\/\/www.priv.gc.ca\/en\/privacy-topics\/information-and-advice-for-individuals\/online-services\/gd_wcc_202211\/\" rel=\"noopener\">just published advice on how to keep it secure<\/a>.<\/p>\n<p data-ar-index=\"12\"><em>(The following transcript has been edited for clarity)<\/em><\/p>\n<p data-ar-index=\"13\"><strong>Howard:<\/strong> I want to start with news of the theft of money from subscribers to the DraftKings fantasy sports betting site. DraftKings is an American-based sport and casino betting site that is available in a number of countries. On Monday there were news reports of users noticing funds had been withdrawn from their accounts. One person told a reporter that around the same time his email was filled with spam.<\/p>\n<p data-ar-index=\"14\">The company told reporters some US$300,000 was withdrawn without permission from user accounts. An official said the company\u2019s IT systems weren\u2019t compromised. So it believes victims weren\u2019t careful creating separate usernames and passwords for DraftKings. Their credentials were used elsewhere, stolen by crooks who then successfully used them on the DraftKings site.<\/p>\n<p data-ar-index=\"15\">Terry, if true this is another example of people being careless.<\/p>\n<p data-ar-index=\"16\"><strong>Terry Cutler: <\/strong>This is a case of people who don\u2019t want to deal with cyber security until it\u2019s too late. If this was really a problem with the DraftKing site it would have affected all users. I think we\u2019re dealing with about five per cent of their entire user base [affected] because they\u2019re worth $6.5 billion. This is classic password reuse [problem]. If these folks were cyber-educated they would have turned on two-step verification. Ironically, [competing site] Fan Duel put out a tweet around the same time saying, \u2018Make sure you change your passwords and then set up two-step verification,\u2019 because someone was trying to hack their accounts as well. What\u2019s interesting is that this is the perfect example of an unrelated third party advising there\u2019s a problem. Obviously, if you\u2019re dealing with money turn on your two-step verification.<\/p>\n<p data-ar-index=\"17\"><strong>Howard:<\/strong> I wonder if Draft Kings also wasn\u2019t careful if one news site reporting on this is accurate, because it quotes a privacy advocate saying that while DraftKings offers two-factor authentication to protect logins from compromise, it doesn\u2019t force its subscribers to use it.<\/p>\n<p data-ar-index=\"18\"><strong>Terry:<\/strong> DraftKings says they\u2019re going to make victims right [for their losses], but should they really need to reimburse those people that lost US$300,000? Because should have turned on two-step verification themselves. It\u2019s a 60-second fix, but people feel it\u2019s inconvenient. My company gets a lot of calls because people\u2019s Instagram accounts were hacked. Instagram offers two-step verification as well. But nobody turns it on until they get hacked and try to get their accounts back. All their information\u2019s been changed in their profile, all the recovery passwords and all the recovery phone numbers.<\/p>\n<p data-ar-index=\"19\"><strong>Howard:<\/strong> Another news site that interviewed victims that used DraftKings suggests the attackers were able to compromise the smartphones of users who actually did enable two-factor authentication. Somehow their two-factor authentication code went to a different phone. Presumably these were phones that were controlled by the hackers, who were then able to get into the accounts of the players once they had they had their usernames and passwords and they had the two-factor authentication code. So it seems this was a really sophisticated and targeted attack: First, the attackers researched DraftKing players and they got hold of their passwords \u2014 or they got the passwords and then researched the players \u2014 and then they compromised the two-factor authentication process in some way. Either they stole the user\u2019s token, or they convinced the user\u2019s cellphone company to switch their SIM card to a different phone, or perhaps they convinced the DraftKings help desk to change the target\u2019s registered cell phone number so that the two-factor authentication code went to a phone that was controlled by the hacker.<\/p>\n<p data-ar-index=\"20\"><strong>Terry:<\/strong> There\u2019s a lot of stuff going on here. There\u2019s a high probability that the attackers bought a list of basic information, including the security questions, that users may have revealed, in a phishing attack. This way they could call up your phone provider and possibly switch your phone from one carrier to another That\u2019s one plausible way. That\u2019s why it\u2019s very, very important that activate called port protection from your wireless provider \u2026 With port protection you have to show up in person to the provider with identification to transfer your account to another phone. There\u2019s also the possiblity of token stealing. There\u2019s so many ways to bypass 2FA. One of the main tactics used right now is a victim receives an email with a phishing link. It goes to a real website, but because of a man-in-the-middle attack your password and possibly two-step verification goes to a bad guy. With one double click the guy can get access to your account. That\u2019s why we need to start moving away from SMS text one-time passwords over to an authenticator app for delivering codes.<\/p>\n<p data-ar-index=\"21\"><strong>Howard:<\/strong> This incident involves crooks getting hold of victims\u2019 passwords. There was a related story that came out this week from a Singapore -based threat analyst firm called Group-IB. Through their research they found that there are 34 Russian-speaking threat groups distributing malware capable of stealing passwords and other data. They figure that in the first seven months of this year alone gangs infected almost 900,000 devices around the world and stole over 50 million passwords. The malware that they use can also steal cookies, credit card numbers, data from cryptocurrency wallets and passwords for gaming services. This again reinforces the point that for your security every place that you create an account has to have a separate password so you don\u2019t get screwed if a hacker steals a password from your email and then tries to use it on your bank site \u2014 or use it on your DraftKings site.<\/p>\n<p data-ar-index=\"22\"><strong>Terry:<\/strong> Let\u2019s talk quickly about passwords. Your password can be decoded if you chose really crappy one like John123. Some people have a mindset, \u2018Who\u2019s gonna want to hack me? I have nothing of value.\u2019 You need to start creating an unbreakable password \u2014 there has to be a combination of uppercase, lowercase and symbols that\u2019s between 16 and 25 characters long. I know what you\u2019re thinking: How do you remember a password this long? But if you can think of song lyrics or phrases. that will help you. For example a simple phrase like, \u2018Ihadagreatdayatwork!!\u2019, that could take 10 years to break. If you replace the \u2018o\u2019s in a password with a zero and the \u2018a\u2019 with an @ symbol that password will take 39 centuries to crack. But if an attcker can access your password hash they can do a pass-the-hash attack where they can log in as you without ever knowing your password. That\u2019s why two-step verification is key here to stopping password theft attacks.<\/p>\n<p data-ar-index=\"23\"><strong>Howard:<\/strong> So in this DraftKings incident what are the lessons for companies?<\/p>\n<p data-ar-index=\"24\"><strong>Terry:<\/strong> That nothing is foolproof. If we look at how a phishing attack works, hackers are going to try and target a company like DraftKings and use social media networks and other data points to look at who the employees are maybe some of their players. Then they\u2019re going to try and follow them on social media to learn more about their identity, figure out\u00a0 their email address and send a fake message with a link. Perhaps they\u2019re going to try and impersonate a colleague or a boss or another player. Once the target opens the message they\u2019re at risk because they think they know who the sender is right? Once the link\u2019s been clicked on the attacker has two choices: Steal the victim\u2019s credentials or install malware on the PC or their smartphone. Once the hacker has compromised access they\u2019re s going to use the back door to steal that information. That\u2019s usually how it\u2019s going to work.<\/p>\n<p data-ar-index=\"25\"><strong>Howard:<\/strong> I also think a lesson for all companies is don\u2019t make two-factor authentication optional. Make it mandatory for all of your users.<\/p>\n<p data-ar-index=\"26\"><strong>Terry:<\/strong> I\u2019m actually surprised it\u2019s not mandatory now. We\u2019ve been talking about data breaches and enabling two-step verification for at least 10 years.<\/p>\n<p data-ar-index=\"27\"><strong>Howard:<\/strong> And what lessons are there for individuals out of the DraftKings incident?<\/p>\n<p data-ar-index=\"28\"><strong>Terry:<\/strong> They need to get cyber-aware. There are so many ways you can get hacked, and a lot of times it starts with your password. There are sites you can check to see if your password has been stolen. One is <a href=\"https:\/\/haveibeenpwned.com\/\" rel=\"noopener\">\u2018Have I Been Pwned.<\/a>\u2018 It collects lists of stolen email and password combinations. You enter your email address and it tells you if your password has been part of a data breach. Another thing is Google your name to see what personal information about you is on the internet. Type in your first and last name with quotation marks at both ends. You might learn on the internet you\u2019re listed personal things \u2014 say, your favourite Disney character, your favourite colour, the street you used to live on \u2014 that you use in your password. That\u2019s how hackers can guess your password. If you wonder how you can keep up with security that\u2019s one of the reasons why I launched the <a href=\"https:\/\/www.cyologylabs.com\/fraudster\" rel=\"noopener\">Fraudster app<\/a> to help you stay current.<\/p>\n<p data-ar-index=\"29\"><strong>Howard:<\/strong> Let\u2019s move on to news item number two: The wave of ransomware attacks continues. This week the city of Westmount, Quebec \u2014 which is in your neck of the woods \u2014 <a href=\"https:\/\/www.itworldcanada.com\/article\/montreal-area-city-hit-by-ransomware-report\/514484\" rel=\"noopener\">said it was hit with ransomware last weekend<\/a>. On Monday the city said it was still assessing the damage but that its email system was offline. It hasn\u2019t said anything since. Separately the union that represents Ontario\u2019s public high school teachers and teaching assistants <a href=\"https:\/\/www.itworldcanada.com\/article\/ontario-secondary-school-teachers-union-notifies-victims-of-ransomware-attack\/514978\" rel=\"noopener\">has started to notify past and present members that their personal data was stolen in a ransomware attack in May<\/a>. Several new strains of ransomware were discovered and given names like AXLocker, Octocrypt and Alice. Terry, we know that not all attacks can be prevented but what can you say when once a week we hear about a successful ransomware attack in Canada or the U.S.?<\/p>\n<p data-ar-index=\"30\"><strong>Terry:<\/strong> A lot of the companies we investigate are being misled by the IT department \u2014 and I\u2019m saying this based on our experience after doing incident response. After interviewing the upper management it\u2019s always, \u2018My IT guys said we don\u2019t need antivirus on our Exchange servers because it slows us down,\u2019 or \u2018My IT guy has it covered.\u2019 But when we ask who\u2019s monitoring your system at 2 a.m. on a Saturday morning \u2026. They need to understand that cybersecurity folks are always going to complement IT departments and vice versa. We [cybersecurity] are going to find things that need to be fixed up, and the IT department is going to get it done faster than us because they\u2019re in there day-to-day. They need to better understand the threat surface. Remember that saying from GI Joe, \u2018Knowing is half the battle?\u2019 It\u2019s true. Understanding and managing your threat surface are fundamental steps toward a better cybersecurity program. Attacks are coming to and from your network, at your endpoint and in your cloud. So how are you keeping track of all these attacks and how are you stopping them if you\u2019re one IT guy, or have an undertrained and overworked staff? It\u2019s very very difficult.<\/p>\n<p data-ar-index=\"31\"><strong>Howard:<\/strong> The goal of IT and security administrators should be to minimize the damage of ah of a successful attack. Do you sense that organizations in Canada and U.S. are getting better at this?<\/p>\n<p data-ar-index=\"32\"><strong>Terry:<\/strong> I find that they\u2019re not doing enough partnering or outsourcing. IT guys are telling management they don\u2019t need cyber security experts, or my cyber insurance will cover me. I think the biggest challenge in IT \u2014 and the cyber guys are also facing \u2014 is there\u2019s too many tools to manage that were never made to work together. It leaves so many gaps. For example, we when we do investigations with healthcare institutions under we have to engage four different departments because they all have access to their own software tools. A lot of times they don\u2019t have the proper logs. They\u2019re missing information. It\u2019s a horror show. You need to find a way to holistically manage all of the threat surfaces in your network, your cloud and your endpoints. There\u2019s still a lot of old-school thinking that \u2018I just need to have antivirus and a firewall and I\u2019m safe.\u2019 But with traditional technologies all an attacker has to do is send a crafted email to one of your employees and once he clicks on the link the attacker becomes an insider and bypasses the firewall. If an attacker has bypassed your firewall you need to have a good system, like EDR (endpoint detection and remediation) that will detect someone misbehaving. A lot of times IT guys are overworked so they don\u2019t have enough time to stay on top of threats. That\u2019s why they need to partner with cybersecurity folks that can help complement them.<\/p>\n<p data-ar-index=\"33\">Make sure you have good content filtering, including a good email spam filter \u2026 We\u2019ve spoken in previous podcasts about how hackers get into companies and use them as a jump point to email other firms with malware. That email won\u2019t be spotted because it\u2019s from a legit domain. The last thing I would mention is to make sure you have a good incident response plan in place. You may be down for a minimum of 100 hours if you get hit with a ransomware attack.<\/p>\n<p data-ar-index=\"34\"><strong>Howard:<\/strong> Finally, because Cyber Friday officially starts today, kicking off the Christmas holiday shopping period, listeners need to be encouraged to practice safe online buying. What should they not be doing?<\/p>\n<p data-ar-index=\"35\"><strong>Terry:<\/strong> Don\u2019t trust any links or attachments with sales offers that you receive by email, especially from someone you don\u2019t know. Scams these days are getting really more sophisticated. It\u2019s really hard to make a blanket statement like that because a scam can look really legit, like it came from someone you know. Just be wary about always opening up attachments. Always double-check shopping websites before filling out any personal information \u2014 is the URL correct? Are there spelling or grammar errors on the site? Do you want to buy something from an unknown company? Make sure to check the reviews before making a decision. There can be fake five-star reviews. Look for really stupid product reviews like, \u2018Great job,\u2019 or \u2018Keep it up.\u2019 That\u2019s a sign the site may be buying these fake reviews to con you into spending money.<\/p>\n<p data-ar-index=\"36\">Despite all these warnings there\u2019s a chance that you may still fall victim to fraud. So always check your credit or debit card account for unusual or unexpected charges.<\/p>\n<p data-ar-index=\"37\">Finally, don\u2019t use public Wi-Fi, especially at a mall, because a bad guy can set up a fake hotspot that says, \u2018Shopping Mall\u2019s Fastest Wi-Fi.\u2019 If you connect to it the guy can start intercepting your data and he might get access to your passcodes.<\/p>\n<p data-ar-index=\"38\"><strong>Howard:<\/strong> Think about the product that you\u2019re buying online and whether you can afford to get scammed by a fake product from a website you don\u2019t know. You don\u2019t want to buy an expensive watch from a website you\u2019ve never heard. But it also applies to buying a pair of Nike running shoes or something as inexpensive as a memory card for a camera if it\u2019s easy for someone to substitute a fake or a used item. That\u2019s all the more reason to be shopping at a brand name online store, or one that you\u2019re familiar with.<\/p>\n<p data-ar-index=\"39\"><strong>Terry:<\/strong> And if you see prices that are so low for a really high end brand, be wary. We\/ve seen expensive Canada Goose jackets advertised for 60 bucks, and a phone book arrives in the box.<\/p>\n<p data-ar-index=\"40\">For more on safe online shopping see the government of Canada\u2019s <a href=\"https:\/\/getcybersafe.gc.ca\/en\/blogs\/how-spot-unsafe-online-store\" rel=\"noopener\">Get Cyber Safe<\/a> website and the U.S. Cybersecurity and Infrastructure Security\u2019s <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/tips\/ST07-001\" rel=\"noopener\">online shopping tips.<\/a><\/p>\n<p data-ar-index=\"41\">\n<p data-ar-index=\"42\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-november-25-2022\/515191\">Cyber Security Today, Week in Review for Friday, November 25, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this episode Terry Cutler and I discuss the theft of funds from customers of the DraftKings betting site, ransomware and tips for safe online holida<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-31792","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=31792"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31792\/revisions"}],"predecessor-version":[{"id":31863,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31792\/revisions\/31863"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=31792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=31792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=31792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}