Information Technology

The US Senate on Thursday unanimously passed a Bill banning the import of all goods, including technology, produced in the Chinese region of Xinjiang to penalise the Chinese government for its heinous treatment of Uyghurs and other Muslim minority groups. The Bill, titled Uyghur Forced Labor Prevention Act, explains that it was made specifically to blast the Chinese government for the international human rights violations it has committed against those minority groups. It accuses China of arbitrarily detaining 1.8 million Uyghurs, Kazakhs, Kyrgyz, and members of other Muslim minority groups in mass internment camps and subjecting them to forced labour, torture, political indoctrination, and other severe human rights abuses. China has faced growing condemnation for its treatment of Uyghur Muslims and other Muslim minorities, with numerous reports stating that Chinese authorities have been tracking the movements of these people. There have also been reports of other human rights abuses, such as the installation of spyware on the phones of Uyghur Muslims and placing Uyghur Muslims into “re-education” camps. In addition to the ban, the Bill’s passage will see the US coordinate with Canada and Mexico to prohibit the importation of goods made in the Xinjiang region. The only exception to the ban are goods determined by the US Customs and Border Protection commissioner, “by clear and convincing evidence”, to be not from convict, forced, or indentured labour. The import ban will potentially see a myriad of tech companies change their supply chains, with an Australian Strategic Policy Institute report last year alleging that the supply chains of 83 global brands at the time had used forced Uyghur labour.

“The president welcomes the agreement by Congress on the bipartisan Uyghur Forced Labor Prevention Act. We agree with Congress that action can and must be taken to hold the People’s Republic of China accountable for genocide and human rights abuses and to address forced labour in Xinjiang,” White House secretary Jen Psaki said. Earlier on Thursday, the Treasury department announced it had slapped eight Chinese technology firms, including drone maker DJI, with trading sanctions on the grounds that they actively supported the biometric surveillance and tracking of Uyghur and other Muslim minority groups in the Xinjiang region. The sanctions will prohibit US persons from purchasing or selling any publicly traded securities connected with these entities. Alongside DJI, the other seven organisations slapped with the sanctions are Cloudwalk Technology, Dawning Information Industry, Leon Technology Company Limited, Megvii Technology, Netposa Technologies, Xiamen Meiya Pico Information, and Yitu. “Today’s action highlights how private firms in China’s defense and surveillance technology sectors are actively cooperating with the government’s efforts to repress members of ethnic and religious minority groups,” said Treasury for Terrorism and Financial Intelligence under secretary Brian Nelson. “Treasury remains committed to ensuring that the US financial system and American investors are not supporting these activities.” On the same day, the Commerce Department also announced it would add another 34 Chinese organisations to its Entity List, banning them from buying parts and components from US companies without government approval.  The 34 entities were banned for various reasons, ranging from supporting the Chinese military through research biotechnology, including “purported brain-control weaponry”, to supplying US-origin items to support Iran’s advanced conventional weapons and missile programs. The eight companies that received the trading sanctions from Treasury, meanwhile, were already on the Entity List.  Related Coverage More

Cybersecurity company NCC Group is warning users of MobileIron products to patch their systems since finding exploitations through the Log4j vulnerability. 

more coverage

NCC Group researchers have so far seen five instances in their client base of active exploitation of Log4Shell in MobileIron, noting that the “global scale of the exposure appears significant.”In a blog post updated on Wednesday, the company shared a screenshot of a Shodan search showing 4,642 instances around the world. NCC Group Global CTO Ollie Whitehouse told ZDNet that Shodan isn’t real-time but that there has been a small drop in total systems since yesterday.
NCC Group
Ivanti, which acquired MobileIron in December 2020, told ZDNet that customers using MobileIron were provided with mitigation steps and guidance this weekend.Ivanti VP of security Daniel Spicer said that after a review of their products, they found the Log4j vulnerability impacting all versions of MobileIron Core, MobileIron Sentry, Core Connector, and Reporting Database (RDB). Those using the MobileIron Cloud are not affected by the issue. “Over the weekend, we informed our customers and highly recommended that they follow the tested mitigations outlined in our Community Forum. Since then, we have stayed in regular communication with our customers,” Spicer said. 

“Patching all systems for known vulnerabilities and ensuring the latest versions of Ivanti solutions are running is the best way for our customers to protect their environments from threats. Unfortunately, security threats across the industry will persist.” Ivanti released an advisory and said the risk associated with CVE-2021-44228 is high “because these products sit in the DMZ and are vulnerable to a RCE attack due to the CVE.” The mitigation instructions provided involve the removal of a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library, which removes the ability to perform the RCE attack, Ivanti explained. Cerberus Sentinel vice president Chris Clements said the number of vulnerable applications was not a ton at internet scale but he noted the larger concern that the successful exploitation of these systems could allow an attacker to potentially compromise tens of thousands of mobile and computing devices managed by the MobileIron systems.”That is a big deal. We are going to be dealing with the fallout from the Log4j vulnerability for a long time I’m afraid,” Clements said. The UK’s National Cyber Security Centre (NCSC) issued an alert warning in December 2020 that a number of state-backed hackers and criminal gangs were using a vulnerability in MDM software from MobileIron. The company’s MDM servers were previously targeted by hackers through other vulnerabilities. Last December, Ivanti purchased outstanding MobileIron stock for roughly $872 million, representing a 27% premium on the firm’s share price at the time.  More

Citizen Lab has released a new report highlighting widespread government use of the “Predator” spyware from North Macedonian developer Cytrox.Researchers found that Predator was used to attack two people in June 2021. The spyware “was able to infect the then-latest version (14.6) of Apple’s iOS operating system using single-click links sent via WhatsApp,” according to Citizen Lab. The researchers added that Predator persists after reboot using the iOS automations feature. Apple did not respond to requests for comment about the spyware, but Citizen Lab said they have been notified and are investigating the issue. Because WhatsApp is involved, Citizen Lab also told Meta about Predator’s action. Meta announced it is taking enforcement action against Cytrox and is removing approximately 300 Facebook and Instagram accounts linked to the spyware company. The security team at Meta found “an extensive list of lookalike domains used as part of social engineering and malware attacks.””The Meta report states that they believe Cytrox customers include entities in Egypt, Armenia, Greece, Saudi Arabia, Oman, Colombia, Côte d’Ivoire, Vietnam, Philippines, and Germany, and that they identified additional abusive targeting initiated by Cytrox customers around the world,” Citizen Lab explained. Meta also took down accounts linked to six other cyber surveillance firms including Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX and an unnamed company from China. Meta’s report said the companies created more than 1,500 fake accounts that targeted 50,000 users in at least 100 countries.

Exiled Egyptian politician Ayman Nour was one of the two who had devices infected with Predator and Citizen Lab noted that his phone was also infected with Pegasus, the headline-grabbing spyware from troubled spyware company NSO Group. Citizen Lab said two different governments were spying on Nour at the same time during parts of 2021. Citizen Lab’s reports about Pegasus and NSO Group have caused international outrage and prompted global conversations about the proliferation of powerful spyware. NSO Group was blacklisted by the US government last month and this week faced calls for even harsher sanctions. Cytrox, according to the report, is part of NSO Group rival Intellexa, which is based in the European Union. The company was purchased in 2018 by Israeli firm WiSpear, Citizen Lab found.Through scanning for Predator spyware servers, Citizen Lab researchers found “likely” customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.  “We confirmed the hacking of the devices of two individuals with Cytrox’s Predator spyware: Ayman Nour, a member of the Egyptian political opposition living in exile in Turkey, and an Egyptian exiled journalist who hosts a popular news program and wishes to remain anonymous,” Citizen Lab explained. “Nour first became suspicious after observing that his iPhone was ‘running hot.’ We learned of Nour’s case and reviewed logs from his phone. We attribute the attacks on the two targets to the Egyptian Government with medium-high confidence. We conducted scanning that identified the Egyptian Government as a Cytrox Predator customer, websites used in the hacks of the two targets bore Egyptian themes, and the messages that initiated the hack were sent from Egyptian WhatsApp numbers.”Further investigation into Nour’s phone revealed that he had been hacked with Pegasus in March 2021 and there was another attempt to hack his phone in June 2021 using the NSO Group’s FORCEDENTRY exploit. “This report is the first investigation to discover Cytrox’s mercenary spyware being abused to target civil society. NSO Group has received outsized publicity in recent years, thanks to a growing customer list, spiraling abuse problems, and groundbreaking investigative work by civil society,” Citizen Lab said.  “Cytrox and its Predator spyware, meanwhile, are relatively unknown. The targeting of a single individual with both Pegasus and Predator underscores that the practice of hacking civil society transcends any specific mercenary spyware company. Instead, it is a pattern that we expect will persist as long as autocratic governments are able to obtain sophisticated hacking technology. Absent international and domestic regulations and safeguards, journalists, human rights defenders, and opposition groups will continue to be hacked into the foreseeable future.” More

Multiple ad blockers topped Firefox’s list of the most popular and innovative add-on browser extensions of 2021. Firefox determines which add-ons are “most popular” by calculating their average daily users (ADU) throughout the entire year. Adblock Plus averaged 6,134,231 daily users while uBlock Origin averaged 5,011,974 throughout 2021. Firefox notes that uBlock Origin is hot on Adblock Plus’ heels, closing the gap between the two as the year progressed. Firefox estimates that the add-on may pass Adblock Plus at some point in 2022. Privacy appears to be a significant issue for Firefox users. Other top extensions in 2021 include Mozilla’s Facebook Container (1,740,395 ADU) and tracking add-on Ghostery (1,167,938 ADU). 
Firefox
Firefox data shows that of the 133 million visits to addons.mozilla.org in 2021, most came from people based in China and the US. Germany, France, and Russia filled out the rest of the top five. Firefox also says that 60% of Russian users have installed an add-on, far surpassing the percentage for any other region. One-third of all users have installed an add-on, says Firefox, and there were 127 million total Firefox add-on installs in 2021 alone. Firefox also highlighted several extensions that met Mozilla’s “standards of security, utility, and user experience.” The list includes tab organizer add-ons like Sidebery and Tab Stash as well as website design tools like Stylebot and automaticDark.In October, Mozilla’s Firefox browser team cracked down on malicious add-ons. The team blocked ones that were misusing the browser’s proxy API, which software uses to manage how the browser connects to the internet.

Enterprise Software More

This is the year you’re going to go to the gym three times a week, and you’re going to get organized, and you’re going to live life to its fullest, and …

Aw, who are we kidding? Everyone makes those resolutions, and they’re usually just a distant memory by Super Bowl Sunday. So instead of those unrealistic promises to yourself, how about if we start with something that’s a little more achievable? I’ve got some recommendations for smart things you can resolve to do with your technology in the new year to make you happier, more productive, and maybe even less anxious.I wrote the original version of this column back in 2019, but the advice is still timely. Even if you only check one or two of these items off your 2022 to-do list, I promise you’ll be better off.Back up to the cloudNo matter how many times well-meaning advice columnists tell us to back up, we find excuses to not do that task. And so, when (not if) some horrible catastrophe renders the data on our PC or smartphone completely inaccessible, there’s no backup available. Or there’s a backup from several months ago that’s missing everything you’ve done lately.This is where the cloud becomes a digital life saver, capturing the bits that document your digital life. It is easy to configure your smartphone so that every photo and video on your camera roll is backed up to whichever cloud you call home: Google Photos, Dropbox, Microsoft OneDrive, or Apple’s iCloud.Meanwhile, on your PC or Mac, sync your important data files to that same cloud. It’s particularly easy to do this with a consumer OneDrive account. After signing in, open OneDrive Settings, click the Backup tab, click Manage Backup, and follow the instructions. Just make sure to save important files to the Desktop, Documents, and Pictures folders, which are then backed up automatically.Also: Get smart about passwords

Using a bad, easy-to-guess password can turn your life upside down. Just ask anyone who’s ever had a bank account compromised. Reusing any password, even a strong one, is just as bad. If a sloppy website allows your credentials to be stolen, a determined thief will try them at other sites.So, how do you generate a strong, unique password for every account, and how do you keep track of them all? Use a password manager. I prefer to store my heavily encrypted password file in the cloud using 1Password, but you have plenty of other choices, as I explain in this article.Also, don’t use “correct horse battery staple” as your password. It’s almost as bad as “123456.”Also:Turn on 2FA everywhereIf, despite your best precautions, an online thief steals your credentials for an important website or service, you have another roadblock to put in their way. Add multi-factor authentication (often called two-factor authentication, or 2FA) to every important online account. This is especially important for email credentials, any kind of banking or payment service, and all your social media accounts. In fact, if an important service doesn’t offer 2FA as a security option, you should perhaps ask them why not.Both Google and Microsoft make simple, elegant authenticator apps for smartphones. If you’re the independent sort, try the free Authy app. I’ve put together a 2FA explainer that can get you started. Do it today.See also: Better than the best password: How to use 2FA to improve your securityStop tweaking thingsIn the early days of the PC revolution, computers were like the Ford Model T. If you took one out on the road, you’d better have a full toolkit handy and be prepared to get very greasy while tinkering under the hood.The heyday of the Model T was almost exactly a century ago. In the 21st Century, when cars are mostly code, you are not going to make your Tesla go faster by going in and editing some config files. The same is true with PCs. I routinely see people who insist that they can make their computing machines go at warp speed with a few registry edits.But when I look deeper into those magical tweaks, I almost never find that any of these trivial changes truly make a difference, and each one involves the risk of unintended, performance-sapping consequences. Most of modern computing is just physics, after all. You want a faster computer? Add more memory, or replace that old spinning disk with an SSD.Also: Take your updatesAmong the tinfoil-hat set, it is fashionable to argue that true experts focus their energy on preventing software developers from installing updates. They believe, after all, that the best version of your OS was the one released three years ago (or five years ago, or even ten) and everything that has happened since has been an unmitigated disaster.Meanwhile, here on Earth-1, every major software platform updates itself continuously. Problems with updates are relatively rare and generally solved within days or, very rarely, a week or two.If you’d prefer to take a conservative approach, it’s easy enough to defer updates for up to a month while you wait for others to identify any issues. But spending energy trying to override built-in update code is time you’ll never get back.Also: Uninstall your antivirusThere might have been a case for installing third-party antivirus software on a Windows PC a decade or two ago, but today? Not so much. Windows Defender, which is part of every Windows 10 installation, is good enough.That’s not just damning with faint praise, either.These days, the only reason that third-party antivirus exists is so that PC makers can actually squeeze out a profit from the bounties they get for preinstalling this crap on cheap new PCs for consumers. The overwhelming majority of malicious software should be shut off long before it gets to your PC, using the built-in protections provided by your email provider, your ISP, and your web browser.In fact, that third-party software is just as likely to get in the way of an update or accidentally quarantine a crucial system file. Save your money and just get rid of it. If you’ve got a PC on which one of the large third-party security programs came preinstalled, you might have to use a special tool to get rid of it completely. Here are some handy links for Norton, McAfee, and Trend Micro products.Also: The 5 best VPN services More

The Cybersecurity and Infrastructure Security Agency and the White House have released warnings to companies and organizations across the country, urging them to be on alert for cyberattacks ahead of the Christmas holiday. 

more coverage

CISA has released “CISA Insights: Preparing For and Mitigating Potential Cyber Threats” to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors.In a letter sent out on Thursday, White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger and National Cyber Director Chris Inglis said there are typically breaches around national holidays because cybercriminals know that security operations centers are often short-staffed.Cyber officials released a similar message earlier this year after major attacks on Colonial Pipeline and Kaseya took place on Memorial Day Weekend and July 4 Weekend respectively. “Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever-present threat of those who would use it for malicious purposes,” Neuberger and Inglis said. “There are specific steps that you, as leaders, can initiate now to reduce the risk of your organizations during this time of heightened risk and into the New Year. In many cases, criminals plan and actually begin an intrusion before the holiday itself — they infiltrate a network and lie in wait for the optimal time to launch an attack. It is therefore essential that you convene your leadership team now to make your organization a harder target for criminals.”The two urged organizations to make sure all patches are up-to-date, enable logs, back up data, investigate incidents quickly, change passwords, mandate multi-factor authentication, manage IT security schedules and make employees aware of phishing.

CISA’s warning focused on critical infrastructure owners and operators, telling them that security personnel coverage needs to be sketched out now in light of the coming Christmas holiday, and incident response plans need to be updated. Organizations should also make sure all the cybersecurity best practices are being followed and that the current cybersecurity threats and malicious techniques are being monitored. CISA even said the threshold for information sharing should be lowered, and any cybersecurity incidents and anomalous activity should be reported to CISA or the FBI Immediately. The FBI sent out its own notice on Wednesday notifying potential victims of the Log4j vulnerability that they “may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat.”While some cybersecurity experts have said cybercriminal interest in Log4j is waning, Microsoft said nation states and other groups are exploiting the bug, including Chinese government-linked group Hafnium as well as groups from North Korea, Turkey and Iran. VMware head of cybersecurity strategy Tom Kellermann told ZDNet that he was very concerned about the organizations that haven’t followed the “very specific and holistic advice” given by CISA and the Joint Cyber Defense Collaborative (JCDC).As a member of the JCDC, VMware has worked alongside Google, Microsoft, Verizon to help address the threat posed by Log4j. “Ever since the first proof of concept exploit was made available, attackers around the world — from cybercrime cartels to rogue nation states — have been actively exploiting the vulnerability, and that’s been going on for days. Everyone uses Apache in some form and it’s really a question of them updating immediately,” Kellermann said. “But in addition to that, I think people should apply outbound micro-segmentation rules to prohibit new connections from being established from workloads. They should be scanning their environment and code bases for vulnerable systems employing Log4j. They should be monitoring their workloads for abnormal traffic flow, and they should be reviewing their log files to look for unauthorized configuration changes.”Kellermann added that if an organization doesn’t know where Apache ends and begins in their environment, they need to “dramatically expand their threat hunt game” because, more than likely, they’ve already been compromised given the level of scanning and exploitation occurring. More

Following major cyberattacks against central government bodies in Brazil, initial investigations have found that malicious actors have used civil servant credentials to access systems.

The finding is among a series of warnings and recommendations issued by the presidency’s Institutional Security Office (GSI). Initially released last Wednesday (December 8) and edited yesterday (December 14), the alert is aimed at security managers across the federal government. “Some intrusions have occurred using legitimate administrator [credentials],” the document noted, adding this meant attackers didn’t have to perform any actions to access system privileges. The publication and subsequent editing of GSI’s alert emerge as Brazil’s Ministry of Health (MoH) struggles to re-establish its systems following a major ransomware attack last Friday. Systems such as ConecteSUS, which holds COVID-19 vaccination data and certificates, remain unavailable. GSI recommended a series of security measures to be adopted by departments in the event of “malicious actions or improper use of credentials”. As well as notifying the government’s cyberattack prevention and response center, instructions included strengthening the use of multi-factor authentication tools for all cloud system administrators. The security office also recommended the re-evaluation of backup policies, as well as requesting cloud providers to change master passwords and implement additional security layers to mitigate the risk that malicious actors utilize high-privilege passwords.

Security managers should control metadata access settings in cloud environments, the GSI document noted, and start internal campaigns to get staff to change their passwords for stronger alternatives. In addition, the document suggests reducing the level of network privileges as a means to limit the number of staff able to make major system changes. Recommendations also include blocking access to systems for public servants away from work for reasons such as vacation.The Ministry of Health is still working to bring systems back online after a second cyberattack “caused turmoil” at Datasus, the department’s IT function. On Wednesday (December 15), the MoH said in a statement teams were working on re-establishing the system for vaccine certification as soon as possible but did not provide an estimate of when that would happen. In addition, the MoH alerted the population about false emails about a supposed service whereby vaccine certificates would be emailed to the population. The department reiterated the only way to get the certificates is via the ConecteSUS app or online. Members of the Lapsus$ group, who has claimed responsibility for the cyberattacks against the Ministry of Health over the last few days, started to dump files online that were allegedly extracted from the MoH’s systems, according to Brazilian security website CISO Advisor. So far, 293MB worth of data has already been dumped, and the package is composed mainly of data tables, Javascript code and apparently no citizen data. In an exchange with CISO Advisor, the perpetrators said they will dump an additional 10MB online soon but did not say when. More

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described it as “one of the most serious that I’ve seen in my entire career, if not the most serious”. On Friday 9 December, the information security world was rocked by the disclosure of Log4j (CVE-2021-44228), a zero-day vulnerability in the widely used Java logging library Apache Log4j, which allows attackers to remotely execute code and gain access to machines.Not only is the vulnerability relatively simple to take advantage of, the ubiquitous nature of Log4j means that it’s embedded in a vast array of applications, services and enterprise software tools that are written in Java – and used by organisations and individuals around the world.LOG4J FLAW COVERAGE – WHAT YOU NEED TO KNOW NOW That means after a long and exhausting year, tech staff find themselves scrambling to fix yet another critical vulnerability.Even worse, in the case of Log4j, it may be extremely hard for even security professionals to understand whether this code is part of their applications and thus a potential risk. Like much open-source software, it is built-in down the supply chain. Many vendors are still attempting to find out if their products are affected.That’s why some have likened Log4j to Heartbleed, a vulnerability in SSL that affected many major websites and services, but was also difficult to detect and manage. Like Heartbleed, the consequences of which have continued to unfurl for years, there’s already the fear that Log4j vulnerabilities could be a long-term problem.Not that hackers have waited a moment before attempting to take advantage of a newly disclosed vulnerability, of course.

Within just a few hours, there were already a vast number of attempts at exploiting Log4j vulnerabilities. What’s more, the malicious activity being tracked has only continued to rise – one cybersecurity company says it took just days for attackers to target almost half of corporate networks. Some of the first payloads dropped were cryptominers – malware that uses the processing power of the infected device to mine for cryptocurrency. But much more dangerous threats soon followed. These included instances of penetration-testing tool Cobalt Strike being installed – something commonly used by attackers to steal usernames and passwords that are necessary to move around networks.That was followed by reports of ransomware that is exploiting Log4j. Take Khonsari, which is an incredibly basic form of ransomware, but ransomware groups are quick to adopt any techniques that increase the chances of compromising networks and successfully demanding a ransom, meaning more ransomware attacks leveraging Log4j are likely to follow.Then came the nation state-backed hacking groups looking to exploit the vulnerability – like they had with SolarWinds and Microsoft Exchange. Hacking operations working out of China, Iran, North Korea and Turkey were spotted attempting to leverage Log4j – and they’ll continue to make these moves for as long as they can.Work has already begun to repair the damage. CISA has mandated that federal agencies must patch the Log4j vulnerability within days. But for everyone else, the process could take years and there will be plenty of instances where, despite the critical vulnerabilities, some systems will never get the patch.Just look at EternalBlue, the catalyst behind WannaCry and NotPetya in 2017, which still regularly features among the most commonly exploited vulnerabilities and, years later, is still used by cyber criminals to launch attacks.Ultimately, as long as there are systems that are at risk from the Log4j vulnerability, there will be cyber criminals or nation state-backed hackers out there who will look to take advantage.And even if a high-profile organisation is under the impression that it’s protected against the vulnerability, there’s the possibility that attackers could compromise a supplier that doesn’t manage its IT as thoroughly. Criminals could then exploit that gap as a gateway to the larger, more lucrative target.LOG4J FLAW COVERAGE – HOW TO KEEP YOUR COMPANY SAFE It’s ultimately a quirk of how the internet works that so much harm could potentially come from an open-source project, operated and managed on a voluntary basis. The internet is a crucial part of our everyday lives, but instances like this Log4j vulnerability demonstrate how vulnerable it can be.Some experts will call for more rules and regulations over how the internet and computers ultimately work and fit together. That would be a difficult conversation, particularly given how so much of the infrastructure that helped make the internet what it is today is ultimately built from passion projects and volunteer schemes.Cybersecurity professionals were already burned out after a difficult few years. Another major cybersecurity event in the run up to Christmas won’t have helped anything.Unfortunately, Log4j will likely remain an issue through 2022 and beyond – we’re probably only scratching the surface of the risk and the hacking campaigns that will attempt to exploit this vulnerability.The best thing organisations can do, for now, is to follow the expert advice and apply updates to mitigate the potential damage – and then hope that similar vulnerabilities don’t emerge elsewhere any time soon to cause more damage and more burnout. More