SANS OnDemand - 45+ Courses Available Today - View a Demo for an Hour of Free Content

Newsletters: Newsbites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XXI - Issue #99

December 20, 2019


****************************************************************************

SANS NewsBites               Dec. 20, 2019                Vol. 21, Num. 099

****************************************************************************

 

Introducing SANS Holiday Hack Challenge 2019

 

Ta-da--the world's most fun and festive cybersecurity challenge is available now for free. SANS Holiday Hack Challenge is the best place to learn about InfoSec trends, gain exposure to new technologies, and get information that is not accessible anywhere else. This year's challenge includes offensive and defensive training opportunities, machine learning scenarios, an extensive line-up of KringleCon speakers, and so much more. It's game-based training at its best--highly engaging, designed for all skill levels, and actually free. Whether you want to expand on-the-job skills, see the latest tools, or get fresh inspiration from thought leaders in cybersecurity, exploring SANS Holiday Hack Challenge is a smart use of your holiday time. Hurry and secure your complimentary pass today at https://holidayhackchallenge.com


****************************************************************************

 

Top of The News

 

Tis the Season! Emotet Christmas Phishing Emails

The Year 2019 in review: Same Threats, More Targets

Critical Vulnerabilities found in WAGO Programmable Logic Controllers

218 Million Passwords Stolen in Zynga Hack

 

The Rest of the Week's News

 

WhatsApp bug allows for app crash and permanent deletion of group chats

German City of Frankfurt Victim of Emotet

City of Galt suffers Cyber Attack

Cyber Attack Against German University Causes Thousands of Students To Queue for New Accounts

Man Sentenced for Planting Logic Bombs

Identifying DNS-Over-HTTPS Traffic Without Decryption Possible

Wawa Discovers Point of Sale Malware Breach

Senators Introduce K-12 Cybersecurity Act

Published Stolen Card Data Is Used Within Two Hours

 

Internet Storm Center Tech Corner


****************************************************************************


SANS NewsBites Default Training Update for Friday, December 20, 2019 (NB 21.099)


-- SANS Security East 2020 | New Orleans, LA | February 1-8 | https://www.sans.org/event/security-east-2020


-- SANS Miami 2020 | January 13-18 | https://www.sans.org/event/miami-2020


-- SANS Threat Hunting & IR Summit & Training | London, UK | January 13-19, 2020 | https://www.sans.org/event/threat-hunting-europe-2020


-- SANS Tokyo January 2020 | January 20-25 | https://www.sans.org/event/tokyo-january-2020


-- SANS Amsterdam January 2020 | January 20-25 | https://www.sans.org/event/amsterdam-january-2020


-- Cyber Threat Intelligence Summit & Training | Arlington, VA | January 20-27 | https://www.sans.org/event/cyber-threat-intelligence-summit-2020


-- SANS Scottsdale 2020 | February 17-22 | https://www.sans.org/event/scottsdale-2020


-- Open-Source Intelligence Summit & Training 2020 | Alexandria, VA | February 18-24 | https://www.sans.org/event/osint-summit-2020


-- SANS Secure Singapore 2020 | 16-28 March | https://www.sans.org/event/secure-singapore-2020


-- SANS OnDemand and vLive Training

Get a Free GIAC Certification Attempt or Take $350 Off through December 25 with OnDemand or vLive training.

https://www.sans.org/online-security-training/specials/


-- Can't travel? SANS offers online instruction for maximum flexibility

-- Live Daytime training with Simulcast - https://www.sans.org/simulcast

-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive

-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/


Single Course Training

-- Single Course Training

SANS Mentor | https://www.sans.org/mentor/about

Community SANS | https://www.sans.org/community/

 

-- View the full SANS course catalog and Cyber Security Skills Roadmap

https://www.sans.org/courses

https://www.sans.org/cyber-security-skills-roadmap


****************************************************************************

 

Free technical content sponsored by Cisco

 

The Security Bottom. When organizations have dozens of security products and still get breached, it begs the question: How much security is enough? How many products does an organization need? How much should be spent on security? We aim to answer these questions through a double-blind survey of security professionals, along with expert commentary. https://www.sans.org/info/215080


****************************************************************************


Top of the News

 

Tis the Season! Emotet Christmas Phishing Emails

(December 17 & 18, 2019)

 

New campaign from Emotet spammers features messages with subject "Christmas Party" or "Christmas. " The messages include a malicious Microsoft Word attachment with names like "Annual Holiday Lunch" and "Party Menu." While the use of holiday themed spam featuring Emotet is not new, alerts were published by US-CERT in July of 2018, holidays remain a time when users are more easily engaged. Credential theft trojan Emotet was initially a banking Trojan, it now has multiple modules that could be loaded including password stealers for email and browser clients, spam mailers, proxies, network spreaders, and ransomware.

 

Editor's Note

 

[Pescatore, Neely] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


Good "news hook" for a reminder to tell employees "no legitimate email communications during the holiday season will include attachments! Please don't open any!" There are a lot of urgent reminders at the end of the year that can be legitimate, none of the legitimate ones ever need to attach documents.

 

Read more in:


- https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/ : Emotet Trojan is Inviting You To A Malicious Christmas Party

- https://www.infosecurity-magazine.com/news/emotet-spammers-send-christmas/ : Emotet Spammers Send Christmas Phishing Emails

- https://www.trendmicro.com/vinfo/us/threat-encyclopedia/spam/686/emotet-arrives-via-spam-greeting-you-a-merry-christmas : EMOTET Arrives via Spam, Greeting You a Merry Christmas

 

The Year 2019 in review: Same Threats, More Targets

(December 10, 2019)

 

The Council on Foreign Relations published their synopsis of Cyberattacks in 2019.  Noteworthy were increases in attacks on critical infrastructure attributed to hackers developing more advanced tools and introduction of systems to the internet which were not engineered for the security necessitated by that connection.

 

Read more in:


- https://www.cfr.org/blog/year-2019-review-same-threats-more-targets : The Year 2019 in review: Same Threats, More Targets

 

Critical Vulnerabilities found in WAGO Programmable Logic Controllers

(December 16 & 17, 2019)

 

Researchers at Cisco Talos found critical flaws, assigned CVSS scores of 9.8 or 10, in the protocol handling code of the I/O check configuration code used by Germany-based WAGO in their PFC100 and PFC200 PLCs. The flaws allow for arbitrary code execution and are exploited via buffer overflows which don't require authentication. The exploits can be used to reset the device to factory conditions, including default passwords. WAGO has released firmware updates.

 

Read more in:


- https://www.securityweek.com/several-critical-vulnerabilities-found-wago-controllers : Several Critical Vulnerabilities Found in WAGO Controllers

- https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-multiple.html : Vulnerability Spotlight: Multiple vulnerabilities in WAGO PFC200

- https://cert.vde.com/de-de/advisories/vde-2019-022 : VDE-CERT: WAGO Multiple Vulnerabilities in I/O-Check Service in Multiple devices

 

218 Million Passwords Stolen in Zynga Hack

(December 18, 2019)

 

Popular social game developer Zynga has reportedly become the latest victim of a massive data breach impacting some 218 million Words with Friends accounts. Per gnosticplayers, the data breach affected all Android and iOS game players who installed and signed up for the Words With Friends game on and before September 2 this year.

 

Editor's Note

 

[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


More than just "Words With Friends;" specific data was exfiltrated, including password reset and Facebook account information. If you use any Zynga games, assume your information is included. If you use your Facebook credentials to authenticate to those games, ensure the password is unique and consider enabling multi-factor authentication.

 

[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore


Many people using Firefox Monitor, Have I Been Pwned? or equivalent monitoring services are likely to get an alert and say "I've never heard of  Zynga" but will admit "I did play Words with Friends a few times..." - need to make sure that password is not in use elsewhere.

 

Read more in:


- https://thenextweb.com/security/2019/10/01/218m-words-with-friends-players-data-reportedly-stolen-in-zynga-hack/ : 218M 'Words with Friends' players' data reportedly stolen in Zynga hack

- https://www.digitaltrends.com/mobile/words-with-friends-hack-news/ : Massive Words with Friends hack exposes 218 million account login details


****************************************************************************


Sponsored Links

 

Join us at the SANS ICS Security Summit & Training Summit 2020 | Orlando, FL | March 2-9. https://www.sans.org/info/215085

 

ICYMI Webcast: David Szili discusses his experience using Mimecast Web Security service. View here: https://www.sans.org/info/215090

 

Take SANS Training at RSA Conference 2020 | San Francisco, CA | Feb 23-24. https://www.sans.org/info/215095


****************************************************************************


The Rest of the Week's News

 

WhatsApp bug allows for app crash and permanent deletion of group chats

(December 17, 2019)

 

WhatsApp has released a fix for a flaw that, when exploited, would cause the app to continuously crash for all users in a group chat. Recovery from the exploit requires a complete uninstall and reinstall of the application. Even after the reinstall, returning to the impacted group chat can cause all messages related to that chat to be deleted. Exploitation requires attacker use an account which is a member of the targeted group chat. The issue is fixed in version 12.19.58 of the WhatsApp.  POC exploit code has been published by Check Point researchers.

 

Editor's Note

 

[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


Make sure you configure your mobile apps to automatically update. Even so, checking at least monthly to make sure the updates are applied is prudent. Leverage the monthly patch release as a trigger to also check mobile. MDM and EMM systems can be leveraged to help monitor and drive the update process.

 

Read more in:


- https://www.zdnet.com/article/this-whatsapp-bug-could-allow-hackers-to-crash-the-app-and-delete-group-chats-forever/ : This WhatsApp bug could allow hackers to crash the app and delete group chats forever

- https://www.wired.com/story/whatsapp-group-chat-crash-bug/ : WhatsApp Fixes Yet Another Group Chat Security Gap

- https://www.livemint.com/technology/tech-news/whatsapp-new-bug-found-that-crashes-group-chat-deletes-history-forever-11576580651220.html : Steer clear of this WhatsApp bug crashing group chats, deleting history forever

 
 

German City of Frankfurt Victim of Emotet

(December 18, 2019)

 

The German city of Frankfurt has had to close down its computer networks due to infection by the Emotet malware. Several organisations in Germany have also fallen victim to those behind the Emotet malware. The recent wave of attacks has prompted the German Bundesamt fuer Sicherheit in der Informationstechnik (Federal Office for Information Security, the BSI) to issue an alert to German organisations (note the alert is in German https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html)

 

Read more in:


- https://www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/ : Frankfurt shuts down IT network following Emotet infection

- https://www.en24.news/2019/12/city-of-frankfurt-restarts-after-virus-alert-it-systems.html : City of Frankfurt restarts after virus alert IT systems

- https://www.heise.de/newsticker/meldung/IT-Systeme-der-Stadt-Frankfurt-am-Main-wegen-Malware-Befall-offline-4619634.html : Malware-Befall: IT-Systeme der Stadt Frankfurt am Main offline

 

City of Galt suffers Cyber Attack

(December 16, 2019)

 

A Ransomware attack in the south Sacramento county city of Galt, California not only encrypted needed files but also allowed for placement of malware which took out their email and phone systems. While the ransom amount is not yet known, the city is engaging the FBI and State Department of Justice to determine the full scope and best path forward.

 

Editor's Note

 

[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


Galt city services have set up and published alternate numbers not dependent on the offline VoIP system. This is a reminder to consider what actions are needed if your VoIP system is offline for an extended period, both for inbound and outbound communication. Ransomware has, more than older malicious attack behaviors, provided an opportunity to learn the importance of our DR plans as well as revealing areas that may not have previously been considered for both impact and fail-over strategy.

 

Read more in:


- https://www.kcra.com/article/cyber-attack-galt-sacramento-county-california/30262868 : 5 things you need to know about the cyberattack on the city of Galt

- https://fox40.com/2019/12/17/ransomware-hackers-attack-city-of-galt-disabling-public-agencys-email-and-phone-systems/ : Ransomware hackers attack City of Galt, disabling public agency's email and phone systems

- https://www.sacbee.com/news/local/crime/article238474338.html : Hackers hit Galt with ransomware attack, downing city employee phones and email, police say

 

Cyber Attack Against German University Causes Thousands of Students To Queue for New Accounts

(December 18, 2019)

 

The Justus Liebig University (JLU) in the German city of Giessen suffered a malware attack on the 8th of December which resulted in many of the university's systems going offline.  USB sticks were issued to 1,200 staff so that they could scan their computers for viruses. As a result of the attack the university's email system was wiped and over 38,000 students and staff had to queue in person to get a new email password to access the system. According to legal requirements imposed by the German National Research and Education Network (DFN), the university can only give staff and students their new password upon presentation of a physical ID card.

 

Read more in:


- https://www.zdnet.com/article/more-than-38000-people-will-stand-in-line-this-week-to-get-a-new-password/ : More than 38,000 people will stand in line this week to get a new password

- https://www.businessinsider.com/university-giessen-hack-paper-passwords-germany-38000-students-2019-12?r=US&IR=T : A university had to hand out paper passwords to 38,000 students and staff after being hacked

- https://www.bbc.com/news/technology-50838673 : Thousands of students in Germany queue for email access

 

Man Sentenced for Planting Logic Bombs

(December 17, 2019)

 

David Tinley of Harrison City, Pennsylvania, was sentenced to 6 months in a federal prison, and ordered to pay a US $7,500 for planting malicious logic bomb code in his software he developed as a means to ensure his contract would be renewed. From 2014 to 2016 Tinley, who worked as a contract computer programmer at the Monroeville branch of Siemens in Pennsylvania, deliberately inserted malicious code into software he developed so that problems would arise after certain dates, requiring Tinley to be retained on contract to "fix" the problems.

 

Editor's Note

 

[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


Finding logic bombs like this requires code review or walkthroughs, which is challenging with today's limits on staff and time to deliver. Retain license to developed code, as well as a copy of the source where possible, so that you can not only review but also update/fix it without dependency on the original internal or external developers.

 

[Northcutt] https://www.sans.org/newsletters/newsbites/editorial-board#stephen-northcutt


I hope Siemens will take the opportunity to refactor their order management system. Using spreadsheets, and locking them for security, allows for a number of problems that would be remediated by a modern database.

 

Read more in:


- https://www.infosecurity-magazine.com/news/siemens-contractor-jailed-for/ : Siemens Contractor Jailed for Planting Logic Bombs

- https://www.darkreading.com/application-security/siemens-contractor-sentenced-for-writing-logic-bombs-/d/d-id/1336641 : Siemens Contractor Sentenced for Writing 'Logic Bombs'

- https://arstechnica.com/tech-policy/2019/12/contractor-admits-planting-logic-bombs-in-his-software-to-ensure-hed-get-new-work : Contractor admits planting logic bombs in his software to ensure he'd get new work

 

Identifying DNS-Over-HTTPS Traffic Without Decryption Possible

(December 18, 2019)

 

DNS-over-HTTPS (DoH) traffic can apparently be identified without actually decrypting it, a security researcher has discovered. According to Johannes Ullrich, dean of research at the SANS Technology Institute, one could actually identify DoH traffic by observing all traffic to and from a host.

 

Editor's Note

 

[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore


The DNS over HTTPS issue for security teams is kind of like encryption in general for law enforcement. Use of encryption (done right) can make data and communications safer but monitoring harder. In many (really, pretty much all) cases the gains in safety by using encryption are greater than the loss in monitoring, and as Johannes Ulrich points out, skilled security folks can often find workarounds to enable business use of encryption while gaining back some level of visibility.

 

Read more in:


- https://www.securityweek.com/identifying-dns-over-https-traffic-without-decryption-possible-researcher : Identifying DNS-Over-HTTPS Traffic Without Decryption Possible: Researcher

- https://portswigger.net/daily-swig/from-dns-hijacking-to-domain-fronting-sans-security-pros-offer-retrospective-on-2019-threat-predictions : From DNS hijacking to domain fronting - SANS security pros offer retrospective on 2019 threat predictions

 

Wawa Discovers Point of Sale Malware Breach

(December 19, 2019)

 

Wawa customers who paid with credit or debit cards in the last nine months may have had their card information compromised. In a letter, Wawa CEO Chris Gheysens said the chain's information security team "discovered malware on Wawa payment processing servers" on Dec. 10, "contained" the malware by Dec. 12 and "immediately engaged a leading external forensics firm and notified law enforcement."

 

Editor's Note

 

[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely


Wawa reports the compromised data does not include CCV2 or PIN numbers. Even so, your issuer's fraud unit may elect to issue a new card to ensure the data exposed cannot be used. If you're uneasy, ask for a replacement card. Some financial institutions offer "instant issue" where a card can be printed real-time, eliminating mail delivery delays or risks.

 

Read more in:


- https://www.usatoday.com/story/money/2019/12/19/wawa-data-breach-2019-company-warns-data-security-incident/2703276001/ : Wawa warns of 'data security incident' involving credit and debit card information

- https://6abc.com/wawa-announces-data-breach-potentially-all-locations-affected-ceo-/5769537/ : Wawa announces massive data breach, 'potentially all' locations affected, CEO says

 
 

Senators Introduce K-12 Cybersecurity Act

(December 18, 2019)

 

Two US senators are calling on the Department of Homeland Security to offer more support. Their new bill, the K-12 Cybersecurity Act of 2019, tasks the DHS with assessing the scope of the problem and establishing guidelines to help schools improve their cybersecurity systems.  The legislation comes from Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., both members of the Senate Homeland Security and Governmental Affairs Committee.

 

Editor's Note

 

[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore


SANS just gave Difference Makers awards to a high school teacher (Mark Estep of Poolesville MD High School) and a school district CTO/CISO (Neal Richardson of the Hillsboro-Deering NH School District) for the progress they have made in both increasing cybersecurity at their schools and in efforts to get kids interested in cybersecurity. The proposed legislation is pretty lightweight but would help schools (which always have limited budgets and staffs) by making free online cybersecurity training available.

 

Read more in:


- https://www.zdnet.com/article/senators-introduce-k-12-cybersecurity-act/ : Senators introduce K-12 Cybersecurity Act

- https://www.congress.gov/bill/116th-congress/senate-bill/3033/text?q=%7B%22search%22%3A%5B%22K-12+Cybersecurity%22%5D%7D&r=1&s=1 : S.3033 - K-12 Cybersecurity Act of 2019

 
 

Published Stolen Card Data Is Used Within Two Hours

(December 18, 2019)

 

A researcher from ThreatPipes decided to run an experiment on how long it would take thieves to find his stolen card data. Two hours, it turns out. That's how long it recently took somebody - or something, if it turns out to have been an automated bot - to find, and use, a credit card he purchased and posted.

 

Read more in:


- https://nakedsecurity.sophos.com/2019/12/18/doxed-credit-card-data-has-two-hours-max-before-its-nabbed/ : Doxed credit card data has two hours max before it's nabbed

- https://www.threatpipes.com/blog/2019/i-put-my-credit-card-on-the-darkweb/ : I Put My Credit Card on the Darkweb

 

****************************************************************************


Internet Storm Center Tech Corner

 

More DNS over HTTPS Details

https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/

 

Ransomware Outing Victims

https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/

 

Google Chrome Update

https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html

 

An Emotet Update

https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/

 

Emotet Used to Spread Malware From German Federal Agency Accounts (article in german)

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html

 

Joomla Patches SQL Injection

https://developer.joomla.org/security-centre.html

 

Unicode Mapping Problems

https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/

 

Discovering DNS over HTTPS

https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/

 

Ring Camera Weaknesses

https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security

 

WhatsApp DoS Bug

https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/

 

Slack "Unshare" Not Working As Expected

https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/

 

Google Making OAUTH Mandatory for GSuite

https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html

 

TPLink Authentication Bypass

https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/

 

Factoring IoT RSA Keys

https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era


****************************************************************************

 

The Editorial Board of SANS NewsBites

 

Alan Paller

https://www.sans.org/newsletters/newsbites/editorial-board#alan-paller


Brian Honan

https://www.sans.org/newsletters/newsbites/editorial-board#brian-honan


David Hoelzer

https://www.sans.org/newsletters/newsbites/editorial-board#david=hoelzer


David Turley

https://www.sans.org/newsletters/newsbites/editorial-board#david-turley


Dr. Eric Cole

https://www.sans.org/newsletters/newsbites/editorial-board#eric-cole


Ed Skoudis

https://www.sans.org/newsletters/newsbites/editorial-board#ed-skoudis


Eric Cornelius

https://www.sans.org/newsletters/newsbites/editorial-board#eric-cornelius


Gal Shpantzer

https://www.sans.org/newsletters/newsbites/editorial-board#gal-shpantzer


Jake Williams

https://www.sans.org/newsletters/newsbites/editorial-board#jake-williams


Dr. Johannes Ullrich

https://www.sans.org/newsletters/newsbites/editorial-board#johannes-ullrich

 

John Pescatore

https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore


Mark Weatherford

https://www.sans.org/newsletters/newsbites/editorial-board#mark-weatherford


Rob Lee

https://www.sans.org/newsletters/newsbites/editorial-board#rob-lee


Sean McBride

https://www.sans.org/newsletters/newsbites/editorial-board#sean-mcbride


Shawn Henry

https://www.sans.org/newsletters/newsbites/editorial-board#shawn-henry


Stephen Northcutt

https://www.sans.org/newsletters/newsbites/editorial-board#stephen-northcutt


Suzanne Vautrinot

https://www.sans.org/newsletters/newsbites/editorial-board#suzanne-vautrinot


Tom Liston

https://www.sans.org/newsletters/newsbites/editorial-board#tom-liston


William Hugh Murray

https://www.sans.org/newsletters/newsbites/editorial-board#william-hugh-murray