cyberint.com
Open in
urlscan Pro
141.193.213.11
Public Scan
URL:
https://cyberint.com/blog/research/new-vulnerability-in-rs-deserialization-discovered/
Submission: On August 05 via manual from US — Scanned from DE
Submission: On August 05 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOMPOST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2034462/230c9049-7f32-4103-afb0-7c165de6f8f1
<form id="hsForm_230c9049-7f32-4103-afb0-7c165de6f8f1" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2034462/230c9049-7f32-4103-afb0-7c165de6f8f1"
class="hs-form-private hsForm_230c9049-7f32-4103-afb0-7c165de6f8f1 hs-form-230c9049-7f32-4103-afb0-7c165de6f8f1 hs-form-230c9049-7f32-4103-afb0-7c165de6f8f1_3e8e4047-6a50-4b1f-ba14-1aa64b60dd15 hs-form stacked"
target="target_iframe_230c9049-7f32-4103-afb0-7c165de6f8f1" data-instance-id="3e8e4047-6a50-4b1f-ba14-1aa64b60dd15" data-form-id="230c9049-7f32-4103-afb0-7c165de6f8f1" data-portal-id="2034462"
data-test-id="hsForm_230c9049-7f32-4103-afb0-7c165de6f8f1" data-hs-cf-bound="true">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-230c9049-7f32-4103-afb0-7c165de6f8f1" class="" placeholder="Enter your " for="email-230c9049-7f32-4103-afb0-7c165de6f8f1"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-230c9049-7f32-4103-afb0-7c165de6f8f1" name="email" required="" placeholder="Your email here*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="legal-consent-container">
<div class="hs-richtext">
<p>I agree to Cyberint's <a href="https://cyberint.com/terms-conditions/" target="_blank" rel="noopener">Terms of Use</a> and <a href="https://cyberint.com/privacy-policy/" target="_blank" rel="noopener">Privacy Policy</a></p>
</div>
<div>
<div class="hs-dependent-field">
<div class="hs_LEGAL_CONSENT.subscription_type_944128 hs-LEGAL_CONSENT.subscription_type_944128 hs-fieldtype-booleancheckbox field hs-form-field">
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input">
<ul class="inputs-list" required="">
<li class="hs-form-booleancheckbox"><label for="LEGAL_CONSENT.subscription_type_944128-230c9049-7f32-4103-afb0-7c165de6f8f1" class="hs-form-booleancheckbox-display"><input
id="LEGAL_CONSENT.subscription_type_944128-230c9049-7f32-4103-afb0-7c165de6f8f1" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_944128" value="true"><span>
<p>I agree to subscribe to receive updates from Cyberint</p><span class="hs-form-required">*</span>
</span></label></li>
</ul>
</div>
</div>
</div>
<legend class="hs-field-desc checkbox-desc" style="display: none;"></legend>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe "></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1722880660223","formDefinitionUpdatedAt":"1679496836482","legalConsentOptions":"{\"legitimateInterestSubscriptionTypes\":[944128],\"communicationConsentCheckboxes\":[{\"communicationTypeId\":944128,\"label\":\"<p>I agree to subscribe to receive updates&nbsp; from Cyberint</p>\",\"required\":true}],\"legitimateInterestLegalBasis\":\"LEGITIMATE_INTEREST_PQL\",\"communicationConsentText\":\"<p>I agree to Cyberint's <a href=\\\"https://cyberint.com/terms-conditions/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Terms of Use</a> and <a href=\\\"https://cyberint.com/privacy-policy/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Privacy Policy</a></p>\",\"processingConsentType\":\"IMPLICIT\",\"processingConsentCheckboxLabel\":\"<p>I agree</p>\",\"isLegitimateInterest\":false}","renderRawHtml":"true","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","pageTitle":"New Vulnerability in R's Deserialization Discovered","pageUrl":"https://cyberint.com/blog/research/new-vulnerability-in-rs-deserialization-discovered/","isHubSpotCmsGeneratedPage":false,"contentType":"blog-post","hutk":"c8888cea4a8bacb7f5beda193071b479","__hsfp":1240600147,"__hssc":"206209484.1.1722880661555","__hstc":"206209484.c8888cea4a8bacb7f5beda193071b479.1722880661555.1722880661555.1722880661555.1","formTarget":"#hbspt-form-3e8e4047-6a50-4b1f-ba14-1aa64b60dd15","boolCheckBoxFields":"LEGAL_CONSENT.subscription_type_944128","rumScriptExecuteTime":414.3999938964844,"rumTotalRequestTime":965.1999969482422,"rumTotalRenderTime":1079.099998474121,"rumServiceResponseTime":550.8000030517578,"rumFormRenderTime":113.9000015258789,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1722880661566,"originalEmbedContext":{"portalId":"2034462","formId":"230c9049-7f32-4103-afb0-7c165de6f8f1","region":"na1","target":"#hbspt-form-3e8e4047-6a50-4b1f-ba14-1aa64b60dd15","isBuilder":false,"isTestPage":false,"isPreview":false,"isMobileResponsive":true},"correlationId":"3e8e4047-6a50-4b1f-ba14-1aa64b60dd15","renderedFieldsIds":["email","LEGAL_CONSENT.subscription_type_944128"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5730","sourceName":"forms-embed","sourceVersion":"1.5730","sourceVersionMajor":"1","sourceVersionMinor":"5730","allPageIds":{},"_debug_embedLogLines":[{"clientTimestamp":1722880660456,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"New Vulnerability in R's Deserialization Discovered\",\"pageUrl\":\"https://cyberint.com/blog/research/new-vulnerability-in-rs-deserialization-discovered/\",\"userAgent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\",\"isHubSpotCmsGeneratedPage\":false}"},{"clientTimestamp":1722880660458,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1722880661561,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"c8888cea4a8bacb7f5beda193071b479\",\"contentType\":\"blog-post\"}"}]}"><iframe
name="target_iframe_230c9049-7f32-4103-afb0-7c165de6f8f1" style="display: none;"></iframe>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2034462/58cec4e1-ef41-4080-8291-8ed3508d64be
<form id="hsForm_58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2034462/58cec4e1-ef41-4080-8291-8ed3508d64be"
class="hs-form-private hsForm_58cec4e1-ef41-4080-8291-8ed3508d64be hs-form-58cec4e1-ef41-4080-8291-8ed3508d64be hs-form-58cec4e1-ef41-4080-8291-8ed3508d64be_4606037c-0e81-476b-ae99-74a4e4b710f9 hs-form stacked hs-custom-style"
target="target_iframe_58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" data-instance-id="4606037c-0e81-476b-ae99-74a4e4b710f9" data-form-id="58cec4e1-ef41-4080-8291-8ed3508d64be" data-portal-id="2034462"
data-test-id="hsForm_58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" data-hs-cf-bound="true">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" class="" placeholder="Enter your Email"
for="email-58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" name="email" required="" placeholder="Your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="legal-consent-container">
<div class="hs-richtext">
<p>I agree to Cyberint's <a href="https://cyberint.com/terms-conditions/" target="_blank" rel="noopener">Terms of Use</a> and <a href="https://cyberint.com/privacy-policy/" target="_blank" rel="noopener">Privacy Statement</a></p>
</div>
<div>
<div class="hs-dependent-field">
<div class="hs_LEGAL_CONSENT.subscription_type_944128 hs-LEGAL_CONSENT.subscription_type_944128 hs-fieldtype-booleancheckbox field hs-form-field">
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input">
<ul class="inputs-list" required="">
<li class="hs-form-booleancheckbox"><label for="LEGAL_CONSENT.subscription_type_944128-58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" class="hs-form-booleancheckbox-display"><input
id="LEGAL_CONSENT.subscription_type_944128-58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_944128" value="true"><span>
<p>I hereby agree to subscribe to received news, updates and offers from Cyberint. </p><span class="hs-form-required">*</span>
</span></label></li>
</ul>
</div>
</div>
</div>
<legend class="hs-field-desc checkbox-desc" style="display: none;"></legend>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="See for Yourself"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1722880660724","formDefinitionUpdatedAt":"1705474243150","lang":"en","legalConsentOptions":"{\"communicationConsentCheckboxes\":[{\"communicationTypeId\":944128,\"label\":\"<p>I hereby agree to subscribe to received news, updates and offers from Cyberint. </p>\",\"required\":true}],\"legitimateInterestLegalBasis\":\"LEGITIMATE_INTEREST_PQL\",\"communicationConsentText\":\"<p>I agree to Cyberint's <a href=\\\"https://cyberint.com/terms-conditions/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Terms of Use</a> and <a href=\\\"https://cyberint.com/privacy-policy/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Privacy Statement</a></p>\",\"processingConsentType\":\"IMPLICIT\",\"processingConsentCheckboxLabel\":\"<p>I agree</p>\",\"isLegitimateInterest\":false}","embedType":"REGULAR","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","pageTitle":"New Vulnerability in R's Deserialization Discovered","pageUrl":"https://cyberint.com/blog/research/new-vulnerability-in-rs-deserialization-discovered/","isHubSpotCmsGeneratedPage":false,"contentType":"blog-post","hutk":"c8888cea4a8bacb7f5beda193071b479","__hsfp":1240600147,"__hssc":"206209484.1.1722880661555","__hstc":"206209484.c8888cea4a8bacb7f5beda193071b479.1722880661555.1722880661555.1722880661555.1","formTarget":"#hs-form66b0e5bb77063","formInstanceId":"hs-form66b0e5bb77063","boolCheckBoxFields":"LEGAL_CONSENT.subscription_type_944128","rumScriptExecuteTime":1118.2999954223633,"rumTotalRequestTime":1307.5,"rumTotalRenderTime":1338.3999938964844,"rumServiceResponseTime":189.20000457763672,"rumFormRenderTime":30.899993896484375,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1722880661574,"originalEmbedContext":{"portalId":"2034462","formId":"58cec4e1-ef41-4080-8291-8ed3508d64be","region":"na1","target":"#hs-form66b0e5bb77063","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"hs-form66b0e5bb77063","css":"","cssRequired":"","isMobileResponsive":true},"correlationId":"4606037c-0e81-476b-ae99-74a4e4b710f9","renderedFieldsIds":["email","LEGAL_CONSENT.subscription_type_944128"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5730","sourceName":"forms-embed","sourceVersion":"1.5730","sourceVersionMajor":"1","sourceVersionMinor":"5730","allPageIds":{},"_debug_embedLogLines":[{"clientTimestamp":1722880660798,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"onFormReady\",\"onFormSubmit\",\"onFormSubmitted\"]"},{"clientTimestamp":1722880660798,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"New Vulnerability in R's Deserialization Discovered\",\"pageUrl\":\"https://cyberint.com/blog/research/new-vulnerability-in-rs-deserialization-discovered/\",\"userAgent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\",\"isHubSpotCmsGeneratedPage\":false}"},{"clientTimestamp":1722880660800,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1722880661568,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"c8888cea4a8bacb7f5beda193071b479\",\"contentType\":\"blog-post\"}"}]}"><iframe
name="target_iframe_58cec4e1-ef41-4080-8291-8ed3508d64be_hs-form66b0e5bb77063" style="display: none;"></iframe>
</form>
Text Content
* * 05.08.2024'MuddyWater' Phishing Attack Targets Israelis with... * ╳ * Platform⌄ * Platform Lobby * * Attack Surface Management * Darkweb Threat Intelligence * Supply Chain Intelligence * Malware Intelligence * * Phishing Detection * Social Media Monitoring * Forensic Canvas * * Vulnerability Intelligence * Risk Intelligence Feeds * Dashboards and Reports * Services⌄ * Services Lobby * * Virtual Humint Operations * Deep Cyber Investigation * * Threat Landscape Analysis * Deep and Darkweb Monitoring * * Takedowns & Remediation * Attack Simulation * Solutions⌄ * BY USE CASE * Phishing * Attackware * Brand * Data Leakage * Fraud * BY INDUSTRY * Financial Services * Retail * Media & Gaming * Healthcare * Government Agencies * Oil and Gas * BY ROLE * CISO * Security Analyst * Marketing * Resources⌄ * Blog⌄ * Partners⌄ * * Grow with Cyberint * MSSP Program * Value Added Resellers * Technology Partners * OEM Partners * Become a Partner * Partner Login * Company⌄ * COMPANY * About Us * Careers * Events * Pricing * * Ransomania * Media Coverage * Press Releases * News Feed * CONTACT US * Talk to an Expert * Contact Us * Customer Support SupportRequest a Demo EN English 日本語 Español Deutsch Request a Demo * Platform⌄ * Platform Lobby * * Attack Surface Management * Darkweb Threat Intelligence * Supply Chain Intelligence * Malware Intelligence * * Phishing Detection * Social Media Monitoring * Forensic Canvas * * Vulnerability Intelligence * Risk Intelligence Feeds * Dashboards and Reports * Services⌄ * Services Lobby * * Virtual Humint Operations * Deep Cyber Investigation * * Threat Landscape Analysis * Deep and Darkweb Monitoring * * Takedowns & Remediation * Attack Simulation * Solutions⌄ * BY USE CASE * Phishing * Attackware * Brand * Data Leakage * Fraud * BY INDUSTRY * Financial Services * Retail * Media & Gaming * Healthcare * Government Agencies * Oil and Gas * BY ROLE * CISO * Security Analyst * Marketing * Resources⌄ * Blog⌄ * Partners⌄ * * Grow with Cyberint * MSSP Program * Value Added Resellers * Technology Partners * OEM Partners * Become a Partner * Partner Login * Company⌄ * COMPANY * About Us * Careers * Events * Pricing * * Ransomania * Media Coverage * Press Releases * News Feed * CONTACT US * Talk to an Expert * Contact Us * Customer Support Support EN English 日本語 Español Deutsch New Vulnerability in R’s Deserialization Discovered * Table of contents * What is R? * Impact * R Supply Chain Attacks * R Packages * Recommendations THE AUTHOR ADI BLEIH TABLE OF CONTENTS * What is R? * Impact * R Supply Chain Attacks * R Packages * Recommendations RELATED ARTICLES Research HOW BIG IS TOO BIG (OF A PASSWORD LIST)? AN ANALYSIS OF THE ROCKYOU2024 PASSWORD LEAK This most recent incarnation of the “RockYou” lists, dubbed “rockyou2024.txt”, has been uploaded. But how... Jul 11, 2024 Learn more Research CVE-2024-6387 – RCE VULNERABILITY IN OPENSSH A high-severity remote code execution (RCE) vulnerability, CVE-2024-6387, has been discovered in OpenSSH’s server Jul 3, 2024 Learn more Research NEW VULNERABILITY IN R’S DESERIALIZATION DISCOVERED May 2, 2024 Share: Share on Twitter Share on LinkedIn Security researchers have identified a vulnerability, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. This flaw can be exploited when loading RDS (R Data Serialization) files or packages, which are commonly shared among developers and data scientists. An attacker can craft malicious RDS files or packages containing embedded arbitrary R code, triggering execution on the victim’s device upon interaction. WHAT IS R? R is an open-source language and software environment for statistical computing, data visualization, and machine learning. With a robust core language and extensive library support, R is widely adopted, often as the primary language for statistics students. Due to its prowess in analyzing large datasets, its usage extends across industries like healthcare, finance, and government. Additionally, R has gained traction in AI/ML for handling complex data. The Comprehensive R Archive Network (CRAN) repository hosts over 20,000 packages, with R-forge boasting over 2,000 projects and 15,000 users. IMPACT The vulnerability arises from an error in the readRDS function, which is responsible for loading RDS and RDX files that transfer serialized R objects for processing. Serialization facilitates state capture and data exchange. RDS stores the state for a single object, while RDX with RDB enables data transfer for multiple objects. The issue lies in the RDS format’s support for PROMSXP object code, where uncomputed expressions are evaluated during deserialization using “eval,” potentially enabling arbitrary code execution by substituting expressions in RDS or RDX files. R SUPPLY CHAIN ATTACKS SHARING OBJECTS Upon investigating GitHub, our team uncovered that readRDS, a potential vector for exploiting this vulnerability, is referenced in over 135,000 R source files. Upon reviewing repositories, we discovered that a substantial portion of these usages involved untrusted, user-provided data, which could lead to a complete compromise of the system running the program. Notably, source files containing potentially vulnerable code were found in projects maintained by R Studio, Facebook, Google, Microsoft, AWS, and other major software vendors. R PACKAGES CVE-2024-27322 R packages facilitate sharing of compiled R code and data for statistical tasks. As of the time of writing, the CRAN package repository boasts 20,681 available packages. Anybody can upload packages to this repository, provided they meet certain criteria, such as containing specific files (e.g., a description) and passing automated checks (which do not currently assess this vulnerability). R packages utilize the RDS format to save and load data. During compilation of a package, two files are generated: * .rdb file: Contains serialized objects as binary blobs of data. * .rdx file: Includes metadata for each serialized object within the .rdb file, including their offsets When a package is loaded, metadata stored in RDS format within the .rdx file is utilized to locate objects within the .rdb file. These objects are then decompressed and deserialized, effectively loading them as RDS files. Consequently, R packages are susceptible to deserialization vulnerabilities and can be exploited in supply chain attacks via package repositories. An attacker can take over an R package by simply replacing the .rdx file with a maliciously crafted version. When the package is loaded, the code will execute automatically. Furthermore, if one of the core system packages (e.g., compiler) has been tampered with, the malicious code will execute upon R initialization. One particularly perilous aspect of this vulnerability is that instead of merely replacing the .rdx file, the exploit can be injected into any offset within the RDB file, rendering detection extremely challenging. RECOMMENDATIONS CERT Coordination Center (CERT/CC) has issued an advisory for CVE-2024-27322, cautioning against arbitrary code execution via malicious RDS or RDX files. * Update R to version 4.4.0 or later promptly. * Until then, avoid interaction with untrusted RDS files or packages to mitigate risks. * There is currently no public proof-of-concept or exploitation evidence available. Share on Facebook Share on Twitter Share on LinkedIn Share on WhatsApp Share by Email Attack Surface Reconnaissance Contact usSupport PLATFORM * Attack Surface Management * Darkweb Threat Intelligence * Deep & Dark Web * Forensic Canvas * Social Media Monitoring * Dashboard & Reports SOLUTIONS BY USE CASE * Phishing * Attackware * Brand Protection * Data Leakage * Fraud SERVICES * Virtual HumINT Operations * Deep Cyber Investigations * Threat Landscape Analysis * Attack Simulation * Takedowns & Remediation * 3rd Party Cyber Risk SOLUTIONS BY INDUSTRIES * Financial Services * Retail & eCommerce * Media and Gaming * Healthcare * Government Agencies * Oil and Gas * Manufacturing RESOURCES * Blog * Case Studies * Research * Videos * Brochures * Legal Terms * Ransomania SOLUTIONS BY ROLE * CISO * Security Analyst * Marketing Leaders COMPANY * About Us * Contact Us * Careers * Events * Media Coverage * Press Releases * News Feed PARTNER * Partner Portal * Grow with Cyberint * Cyberint MSSP Program * Cyberint Reseller Program * Technology Partners * OEM Partners SUBSCRIBE TO OUR NEWSLETTER I agree to Cyberint's Terms of Use and Privacy Policy * I agree to subscribe to receive updates from Cyberint * Cyberint Copyright © All Rights Reserved 2024 * CISO * Security Analyst * Marketing Leaders * English UNCOVER YOUR COMPROMISED CREDENTIALS FROM THE DEEP AND DARK WEB Fill in your business email to start Email* I agree to Cyberint's Terms of Use and Privacy Statement * I hereby agree to subscribe to received news, updates and offers from Cyberint. * By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Reject All Accept All Cookies PRIVACY PREFERENCE CENTER When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. Allow All MANAGE CONSENT PREFERENCES FUNCTIONAL COOKIES Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. TARGETING COOKIES Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. PERFORMANCE COOKIES Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. STRICTLY NECESSARY COOKIES Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Back Button COOKIE LIST Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Reject All Confirm My Choices