{"id":138187,"date":"2020-12-21T06:04:59","date_gmt":"2020-12-21T03:04:59","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/"},"modified":"2020-12-21T06:04:59","modified_gmt":"2020-12-21T03:04:59","slug":"pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/","title":{"rendered":"#Pardon the Intrusion #33: SolarWinds unleashes a cyber storm"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a35d5155d63c\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a35d5155d63c\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/#Whats_trending_in_security\" >What\u2019s trending in security?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/#Data_Point\" >Data Point<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong>#Pardon the Intrusion #33: SolarWinds unleashes a cyber storm<\/strong>&#8221;<\/p>\n<div>\n                            <strong><em>Subscribe to this bi-weekly <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a>letter <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/tnw.to\/newsletter\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>Earlier this week, several major US government agencies \u2014 including the Departments of Homeland Security, Commerce, Treasury, and State \u2014 discovered that their digital systems <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/12\/us-agencies-and-fireeye-were-hacked.html\">had been breached<\/a><span> by hackers in what\u2019s fast turning out to be a highly sophisticated supply chain attack.<\/span><\/p>\n<p><span>Such attacks often work by first compromising a third-party vendor with a connection to the true target.<\/span><\/p>\n<p><span>Infiltrating a third-party provider that has access to their customers\u2019 networks also vastly increases the scale of an attack, as a successful break-in opens up access to all those businesses that rely on it, making them all vulnerable at once.<\/span><\/p>\n<p><span>In this case, the attackers turned out to SolarWinds, a Texas-based IT infrastructure provider, to inject malicious code into its monitoring tool that was then pushed to nearly 18,000 of its customers as software updates.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter lazy\" width=\"600\" height=\"174\" data-file-id=\"59922\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/968864a6-b4e9-4ee2-9493-f4cc98940d4c.gif\" data-lazy=\"true\"\/><\/figure>\n<p><span>SolarWinds counts several US federal agencies and Fortune 500 firms among its clients.<\/span><\/p>\n<p><span>According to cybersecurity firm FireEye, which also <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to have been a <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/12\/cybersecurity-firm-fireeye-got-hacked.html\">victim of the same attack<\/a><span>, called it a <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/12\/new-evidence-suggests-solarwinds.html\">meticulously planned<\/a><span> espionage campaign that may have been ongoing at least since March 2020.<\/span><\/p>\n<p><span>Although there hasn\u2019t been any concrete evidence tying the attacks to a specific threat actor, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/national-security\/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm\/2020\/12\/13\/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html\">multiple<\/a><span> <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/article\/global-cyber\/global-security-teams-assess-impact-of-suspected-russian-cyber-attack-idUKKBN28O1KN\">media<\/a><span> reports have pinned the intrusions on APT29 (aka Cozy Bear), a hacker group associated with Russia\u2019s foreign intelligence service.<\/span><\/p>\n<p><span>It may take months to fully understand the breadth and depth of the hack, but the SolarWinds incident once again highlights the severe consequences of compromising a supply chain.<\/span><\/p>\n<p><span>Of course, supply chain attacks have <\/span>happened<span> <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/thegrugq\/status\/1338694951404593154\">before<\/a><span>. What\u2019s more concerning here is how little has been done since then to prevent them from happening again.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span class=\"ez-toc-section\" id=\"Whats_trending_in_security\"><\/span><span>What\u2019s trending in security?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>Signal added support for <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/signal.org\/blog\/group-calls\/\">encrypted group calls<\/a><span>, the Zodiac Killer cipher <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/zodiac-killer-cipher-is-cracked-after-eluding-sleuths-for-51-years\/\">was cracked<\/a><span> after 51 long years, and a former Cisco engineer was sentenced to 24 months in prison for <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/former-cisco-engineer-sentenced-to-prison-for-deleting-16k-webex-accounts\/\">deleting 16,000 Webex accounts<\/a><span> without authorization.<\/span><\/p>\n<ul>\n<li>\n<span>The <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Zodiac_Killer\">Zodiac Killer<\/a><span> cipher was cracked after 51 years. \u201cIt was an exciting project to work on, and it was on many people\u2019s \u2018top unsolved ciphers of all time lists,&#8217;\u201d said Dave Oranchak, one of the three men who cracked the encoded message. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/zodiac-killer-cipher-is-cracked-after-eluding-sleuths-for-51-years\/\">Ars Technica<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Hackers are getting creative with web skimmers designed to steal payment info from users when they visit a compromised shopping website. Researchers found criminal gangs experimenting with storing the malicious code in <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/hackers-hide-web-skimmer-inside-a-websites-css-files\/\">CSS style sheets<\/a><span>and <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> buttons. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/credit-card-stealer-discovered-in-social-media-buttons\/\">ZDNet<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>GitHub found that security vulnerabilities in open-source projects often go undetected for more than four years before being disclosed. What\u2019s more, 17% of all vulnerabilities in software were intentionally planted for malicious purposes. As they say, open-source does not equal secure. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/octoverse.github.com\/static\/2020-security-report.pdf\">GitHub<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Apple and Cloudflare joined hands for a new initiative called Oblivious DNS-over-HTTPS (<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/oblivious-dns\/\">ODoH<\/a><span>) that hides the websites you visit from your ISP. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/cloudflare-apple-and-others-back-a-new-way-to-make-the-internet-more-private\/\">Ars Technica<\/a><span> \/ <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/gizmodo.com\/cloudflare-and-apples-new-oblivious-protocol-could-mean-1845837280\">Gizmodo<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Former Cisco engineer Sudhish Kasaba Ramesh, 31, was sentenced to 24 months in prison for deleting 16,000 Webex accounts without authorization, costing the company more than $2.4 million, with $1,400,000 in employee time and $1,000,000 in customer refunds. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/former-cisco-engineer-sentenced-to-prison-for-deleting-16k-webex-accounts\/\">ZDNet<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Secure messaging app Signal added support for encrypted group video calls with up to five participants. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/signal.org\/blog\/group-calls\/\">Signal<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>A German court forced encrypted email provider Tutanota to create a backdoor that allows it to monitor an individual\u2019s inbox in connection with a blackmail case. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyberscoop.com\/germany-court-ruling-tutanota-email-monitoring\/\">CyberScoop<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Just a couple of weeks ago, we learned that the company behind the X-Mode SDK had been selling customer location data to government contractors. Now Forbes\u2019 Thomas Brewster has reported how surveillance vendors like Rayzone and Bsightful are siphoning location data from smartphones with the help of tools used to serve mobile ads on third-party apps. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2020\/12\/11\/exclusive-israeli-surveillance-companies-are-siphoning-masses-of-location-data-from-smartphone-apps\/\">Forbes<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Operatives with an Arabic-speaking hacking group, known as MoleRATs, used mainstream <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data from targets across the Middle East. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cybereason.com\/blog\/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign\">Cybereason<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Critical <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/icsma-20-343-01\">flaws<\/a><span> discovered in dozens of GE Healthcare radiological devices could allow an attacker to gain access to sensitive personal health information, alter data, and even compromise the machines\u2019 availability. Worse, these devices are secured with hardcoded default passwords that could be exploited to access sensitive patient scans. [<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cybermdx.com\/vulnerability-research-disclosures\/ge-radiology-modalities\">CyberMDX<\/a><span>]<\/span>\n<\/li>\n<li>Apple, Google, Microsoft, and Mozilla banned a digital certificate being used by the Kazakhstan government to intercept and decrypt HTTPS traffic, after the country began requiring citizens in its capital of Nur-Sultan to install the certificate on their devices to access foreign internet services as part of a cybersecurity exercise. [<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate\/\">ZDNet<\/a>]<\/li>\n<li>\n<span>The past fortnight in data breaches, leaks, and ransomware: <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/eu-agency-in-charge-of-covid-19-vaccine-approval-says-it-was-hacked\/\">European Medicines Agency<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom\/\">Foxconn<\/a><span>, Intel\u2019s <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen\/\">Habana Labs<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kmart-nationwide-retailer-suffers-a-ransomware-attack\/\">Kmart<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/ransomware-hits-helicopter-maker-kopter\/\">Kopter<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers\/\">Netgain<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyberscoop.com\/egregor-ransomware-randstand-head-hunter\/\">Randstand<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2020\/12\/10\/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information\/\">Spotify<\/a><span>, Vancouver\u2019s <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/ransomware-attack-cripples-vancouver-public-transportation-agency\/\">TransLink<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/robotics-unicorn-uipath-discloses-data-breach\/\">UiPath<\/a><span>, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/12\/15\/dicom_45_million_medical_scans_unsecured\/\">45 million<\/a><span> images of X-rays and other medical scans, and the personal data of <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/data-of-243-million-brazilians-exposed-online-via-website-source-code\/\">243 million Brazilian citizens<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\"><span class=\"ez-toc-section\" id=\"Data_Point\"><\/span>Data Point<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>According to latest stats from the <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/general\/visualizations\/vulnerability-visualizations\/cvss-severity-distribution-over-time\">National Vulnerability Database<\/a><span>, 2020 saw a record number of reported flaws, with as many as 17,537 bugs recorded during the year, slightly up from 17,306 in 2019.<\/span><br \/><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/general\/visualizations\/vulnerability-visualizations\/cvss-severity-distribution-over-time\"><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter lazy\" width=\"600\" height=\"242\" data-file-id=\"59894\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/817eca50-b60b-4dee-983a-c1e2bf287ef0.png\" data-lazy=\"true\"\/><\/figure>\n<p><\/a><br \/><span>Over the past 12 months, 4,177 high-severity vulnerabilities, 10,767 medium-severity vulnerabilities, and 2,593 low-severity vulnerabilities were reported. In 2019, there were 17,306 flaws published: 4,337 high-severity, 10,956 medium-severity, and 2,013 low-severity vulnerabilities.<\/span><\/p>\n<p>That\u2019s it. See you all in two weeks. Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/newsletter\/2020\/12\/21\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Pardon the Intrusion #33: SolarWinds unleashes a cyber storm&#8221; Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. Earlier this week, several major US government agencies \u2014 including the Departments of Homeland Security, Commerce, Treasury, and State&#8230;<\/p>\n","protected":false},"author":1,"featured_media":138188,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2019\/09\/ptl-newsletter-hed.png&signature=c4f12fef9a1a81c9ecf46fee2ba1a103","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75575,87285,73239,72287,70759],"class_list":["post-138187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-backdoor-computing","tag-government-agency","tag-newsletter","tag-security","tag-tech"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/138187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=138187"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/138187\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/138188"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=138187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=138187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=138187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}