cve

Critical vulnerability in Fortinet FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has published information about the critical vulnerability CVE-2022-42475, which allows unauthenticated remote code execution in the SSL-VPN module (sslvpnd) of FortiOS. The vulnerability was actively exploited in attacks even before its existence was disclosed.





Actively exploited critical vulnerability in Microsoft Outlook (CVE-2023-23397)

Microsoft has published information about the critical vulnerability CVE-2023-23397 in the Outlook application on Windows. It can lead to the remote capture of a domain password without any user interaction. The vulnerability has been actively used in attacks by one of the Russian APT groups since April 2022, including in Poland. We recommend taking immediate action in all organizations whose users access e-mail through the Microsoft Outlook client.





CERT Polska will help build the CVE vulnerability database

Since the beginning of August, CERT Polska, as the only institution in the country and one of 7 CERTs in Europe, has been able to assign CVE numbers, which serve to identify and catalogue publicly disclosed vulnerabilities.





Actively exploited critical vulnerability in Cisco IOS XE software (CVE-2023-20198)

Cisco has published information about the critical vulnerability CVE-2023-20198 in the Web User Interface feature of Cisco IOS XE software. The flaw allows an unauthenticated malicious user to create an administrator account through the user interface and take control of the target device.





CVE program: the first year is behind us!

CERT Polska has held CNA (CVE Numbering Authority) status for a year, which allows it to assign identifiers and publish vulnerability information in the CVE program. Over the past 12 months we assigned 73 such identifiers to vulnerabilities, including those discovered in the course of our own research.





Genetec Becomes an Authorized CVE Numbering Authority

The Common Vulnerabilities and Exposures (CVE) Program has authorized Genetec as a CVE Numbering Authority (CNA).





From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.

Background

In January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.

As of October 2024, there are over 240,000 CVEs, including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.

25 Significant CVEs

CVE-1999-0211: SunOS Arbitrary Read/Write Vulnerability

Tags: Arbitrary Read, Arbitrary Write, Local, Critical, 1999

Why it’s significant: To our knowledge, there is no formally recognized “first CVE.” However, the GitHub repository for CVE.org shows that the first CVE submitted was CVE-1999-0211 on September 29, 1999 at 12:00 AM. Because it was the first one, we’ve chosen to highlight it. The vulnerability was first identified in 1991 and a revised patch was issued in 1994.

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability

Tags: Remote Code Execution, Exploited, Zero-Day, Local, Stuxnet, High, 2010

Why it’s significant: Regarded as one of the most sophisticated cyberespionage tools ever created, Stuxnet was designed to target SCADA systems in industrial environments, reportedly to sabotage Iran's nuclear program. Stuxnet exploited CVE-2010-2568 as one of its initial infection vectors, spreading via removable drives. Once a compromised USB drive was inserted into a system, Stuxnet was executed automatically via the vulnerability, infecting the host machine and propagating to other systems through network shares and additional USB drives.

CVE-2014-0160: OpenSSL Information Disclosure Vulnerability

Tags: Heartbleed, Information Disclosure, Exploited, Zero-Day, Network, Cybercriminals, High, 2014

Why it’s significant: Dubbed “Heartbleed” because it was found in the Heartbeat extension of OpenSSL, this vulnerability allows an attacker, without prior authentication, to send a malicious heartbeat request with a false length field, claiming the packet contains more data than it does. The receiving system would then return data from its memory extending beyond the legitimate request, which may include sensitive private data, such as server keys and user credentials. OpenSSL is used by millions of websites, cloud services and even VPN software for encryption, making Heartbleed one of the most widespread vulnerabilities at the time.

CVE-2014-6271: GNU Bash Shellshock Remote Code Execution Vulnerability

Tags: Shellshock, Bash Bug, Remote Code Execution, Exploited, Zero-Day, Network, Cybercriminals, Critical, 2014

Why it’s significant: An attacker could craft an environment variable that contained both a function definition and additional malicious code. When Bash, a command interpreter used by Unix-based systems including Linux and macOS, processed this variable, it would execute the function, but also run the arbitrary commands appended after the function definition. “Shellshock” quickly became one of the most severe vulnerabilities discovered, comparable to Heartbleed’s potential impact. Attackers could exploit Shellshock to gain full control of vulnerable systems, leading to data breaches, service interruptions and malware deployment. The impact extended far beyond local systems. Bash is used by numerous services, particularly web servers, via CGI scripts to handle HTTP requests.

CVE-2015-5119: Adobe Flash Player Use After Free

Tags: Remote Code Execution, Denial-of-Service, Exploited, Zero-Day, Cybercriminals, APT Groups, Critical, 2015

Why it’s significant: Discovered during the Hacking Team data breach, it was quickly weaponized, appearing in multiple exploit kits. CVE-2015-5119 is a use-after-free flaw in Flash’s ActionScript ByteArray class, allowing attackers to execute arbitrary code by tricking users into visiting a compromised website. It was quickly integrated into attack frameworks used by Advanced Persistent Threat (APT) groups like APT3, APT18, and Fancy Bear (APT28). These groups, with ties to China and Russia, used the vulnerability to spy on and steal data from governments and corporations. Fancy Bear has been associated with nation-state cyber warfare, exploiting Flash vulnerabilities for political and military intelligence information gathering. This flaw, along with several other Flash vulnerabilities, highlighted Flash’s risks, accelerating its eventual phase-out.

CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution Vulnerability

Tags: Remote Code Execution, Exploited, Network, Cybercriminals, APT Groups, High, 2017

Why it’s significant: The vulnerability existed for 17 years in Equation Editor (EQNEDT32.EXE), a Microsoft Office legacy component used to insert and edit complex mathematical equations within documents. Once CVE-2017-11882 became public, cybercriminals and APT groups included it in maliciously crafted Office files. It became one of 2018’s most exploited vulnerabilities and continues to be utilized by various threat actors including SideWinder.

CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability

Tags: EternalBlue, Remote Code Execution, Exploited, Network, WannaCry, NotPetya, High, 2017

Why it’s significant: CVE-2017-0144 was discovered by the National Security Agency (NSA) and leaked by a hacker group known as Shadow Brokers, making it widely accessible. Dubbed “EternalBlue,” its capacity to propagate laterally through networks, often infecting unpatched machines without human interaction, made it highly dangerous. It was weaponized in the WannaCry ransomware attack in May 2017 and spread globally. It was reused by NotPetya, a data-destroying wiper originally disguised as ransomware. NotPetya targeted companies in Ukraine before spreading worldwide. This made it one of history’s costliest cyberattacks.

CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution Vulnerability

Tags: Remote Code Execution, Exploited, Network, Equifax Breach, Critical, 2017

Why it’s significant: This vulnerability affects the Jakarta Multipart Parser in Apache Struts 2, a popular framework for building Java web applications. An attacker can exploit it by injecting malicious code into HTTP headers during file uploads, resulting in remote code execution (RCE), giving attackers control of the web server. CVE-2017-5638 was used in the Equifax breach, where personal and financial data of 147 million people was stolen, emphasizing the importance of patching widely used frameworks, particularly in enterprise environments, to prevent catastrophic data breaches.

CVE-2019-0708: Remote Desktop Services Remote Code Execution Vulnerability

Tags: BlueKeep, DejaBlue, Remote Code Execution, Exploited, Network, Ransomware Groups, Cybercriminals, Critical, 2019

Why it’s significant: Dubbed "BlueKeep," this vulnerability in Windows Remote Desktop Services (RDS) was significant for its potential for widespread, self-propagating attacks, similar to the infamous WannaCry ransomware. An attacker could exploit this flaw to execute arbitrary code and take full control of a machine through Remote Desktop Protocol (RDP), a common method for remote administration. BlueKeep was featured in the Top Routinely Exploited Vulnerabilities list in 2022 and was exploited by affiliates of the LockBit ransomware group.

CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

Tags: SMBGhost, EternalDarkness, Remote Code Execution, Exploited, Network, Cybercriminals, Ransomware Groups, Critical, 2020

Why it’s significant: Its discovery evoked memories of EternalBlue because of the potential for it to be wormable, which is what led to it becoming a named vulnerability. Researchers found it trivial to identify the flaw and develop proof-of-concept (PoC) exploits for it. It was exploited in the wild by cybercriminals, including the Conti ransomware group and its affiliates.

CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution Vulnerability

Tags: Path Traversal, Exploited, Network, APT Groups, Ransomware Groups, Cybercriminals, Critical, 2019

Why it’s significant: This vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway is significant due to its rapid exploitation by multiple threat actors, including state-sponsored groups and ransomware affiliates. By sending crafted HTTP requests, attackers could gain RCE and take full control of affected devices to install malware or steal data. The vulnerability remained unpatched for a month after its disclosure, leading to widespread exploitation. Unpatched systems are still being targeted today, highlighting the risk of ignoring known vulnerabilities.

CVE-2019-10149: Exim Remote Command Execution Vulnerability

Tags: Remote Command Execution, Exploited, Network, APT Groups, Cybercriminals, Critical, 2019

Why it’s significant: This vulnerability in Exim, a popular Mail Transfer Agent, allows attackers to execute arbitrary commands with root privileges simply by sending a specially crafted email. The availability of public exploits led to widespread scanning and exploitation of vulnerable Exim servers, with attackers using compromised systems to install cryptocurrency miners (cryptominers), launch internal attacks or establish persistent backdoors. The NSA warned that state-sponsored actors were actively exploiting this flaw to compromise email servers and gather sensitive information.

CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability

Tags: Zerologon, Elevation of Privilege, Exploited, Local, Ransomware Groups, APT Groups, Cybercriminals, Critical, 2020

Why it’s significant: This vulnerability in the Netlogon Remote Protocol (MS-NRPC) allows attackers with network access to a Windows domain controller to reset its password, enabling them to impersonate the domain controller and potentially take over the entire domain. Its severity was underscored when Microsoft reported active exploitation less than two months after disclosure and the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to patch the flaw. Despite available patches, it continues to be exploited by ransomware groups, APT groups, and others, highlighting its broad and ongoing impact on network security.

CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass Vulnerability

Tags: Spectre, Speculative Execution Bounds Check Bypass, Local, Medium, 2018

Why it’s significant: In a speculative execution process, an idle microprocessor waiting to receive data speculates what the next instruction might be. Although meant to enhance performance, this process became a fundamental design flaw affecting the security of numerous modern processors. In Spectre’s case, an attacker-controlled process could read arbitrary memory belonging to another process. Since its discovery in January 2018, Spectre has affected nearly all modern processors from Intel, AMD and ARM. While it’s difficult to execute a successful Spectre attack, fully remediating the root cause is hard and requires microcode as well as operating system updates to mitigate the risk.

CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load Vulnerability

Tags: Meltdown, Speculative Execution Rogue Data Cache Load, Local, High, 2018

Why it’s significant: Meltdown, another speculative execution vulnerability released alongside Spectre, can allow a userspace program to read privileged kernel memory. It exploits a race condition between the memory access and privilege checking while speculatively executing instructions. Meltdown impacts desktop, laptop and cloud systems and, according to researchers, may affect nearly every Intel processor released since 1995. With a wide-reaching impact, both Spectre and Meltdown sparked major interest in a largely unexplored security area. The result: a slew of research and vulnerability discoveries, many of which were also given names and logos. While there’s no evidence of a successful Meltdown exploit, the discovery showcased the risk of security boundaries enforced by hardware.

CVE-2021-36942: Windows LSA Spoofing Vulnerability

Tags: PetitPotam, Spoofing, Exploited, Zero-Day, Network, Ransomware Groups, High, 2021

Why it’s significant: This vulnerability can force domain controllers to authenticate to an attacker-controlled destination. Shortly after a PoC was disclosed, it was adopted by ransomware groups like LockFile, which have chained Microsoft Exchange vulnerabilities with PetitPotam to take over domain controllers. Patched in the August 2021 Patch Tuesday release, the initial patch for CVE-2021-36942 only partially mitigated the issue, with Microsoft pushing general mitigation guidance for defending against NTLM Relay Attacks.

CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code Execution

Tags: Follina, Remote Code Execution, Exploited, Zero-Day, Local, Qakbot, Remcos, High, 2022

Why it’s significant: Follina, a zero-day RCE vulnerability in MSDT impacting several versions of Microsoft Office, was later designated CVE-2022-30190. After public disclosure in May 2022, Microsoft patched Follina in the June 2022 Patch Tuesday. After disclosure, reports suggested that Microsoft dismissed the flaw’s initial disclosure as early as April 2022. Follina has been widely adopted by threat actors and was associated with some of 2021’s top malware strains in a joint cybersecurity advisory from CISA and the Australian Cyber Security Centre (ACSC), operating under the Australian Signals Directorate (ASD).

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability

Tags: Log4Shell, Remote Code Execution, Exploited, Network, Cybercriminals, APT Groups, Critical, 2021

Why it’s significant: Log4j, a Java logging library widely used across many products and services, created a large attack surface. The discovery of CVE-2021-44228, dubbed “Log4Shell,” caused great concern, as exploitation simply requires sending a specially crafted request to a server running a vulnerable version of Log4j. After its disclosure, Log4Shell was exploited in attacks by cryptominers, DDoS botnets, ransomware groups and APT groups including those affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC).

CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery Vulnerability

Tags: ProxyLogon, Server-Side Request Forgery (SSRF), Exploited, Zero-Day, Network, APT Groups, Ransomware Groups, Cybercriminals, Critical, 2021

Why it’s significant: CVE-2021-26855 was discovered as a zero-day along with four other vulnerabilities in Microsoft Exchange Server. It was exploited by a nation-state threat actor dubbed HAFNIUM. By sending a specially crafted HTTP request to a vulnerable Exchange Server, an attacker could steal the contents of user mailboxes using ProxyLogon. Outside of HAFNIUM, ProxyLogon has been used by ransomware groups and other cybercriminals. Its discovery created a domino effect, as other Exchange Server flaws, including ProxyShell and ProxyNotShell, were discovered, disclosed and subsequently exploited by attackers.

CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Tags: PrintNightmare, Remote Code Execution, Exploited, Local, APT Groups, Ransomware Groups, Cybercriminals, High, 2021

Why it’s significant: This RCE in the ubiquitous Windows Print Spooler could grant authenticated attackers arbitrary code execution privileges as SYSTEM. There was confusion surrounding the disclosure of this flaw, identified as CVE-2021-34527 and dubbed “PrintNightmare.” Originally, CVE-2021-1675, disclosed in June 2021, was believed to be the real PrintNightmare. However, Microsoft noted CVE-2021-1675 is “similar but distinct” from PrintNightmare. Since its disclosure, several more Print Spooler vulnerabilities have been disclosed, while a variety of attackers, including the Magniber and Vice Society ransomware groups, exploited PrintNightmare.

CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection Vulnerability

Tags: SQL Injection, Exploited, Zero-Day, Network, Ransomware Group, Critical, 2021

Why it’s significant: The file transfer appliance from Accellion (now known as Kiteworks) was exploited as a zero-day by the CLOP ransomware group between December 2020 and early 2021. Mandiant, hired by Kiteworks to investigate, determined that CLOP (aka UNC2546) exploited several flaws in FTA including CVE-2021-27101. This was CLOP’s first foray into targeting file transfer solutions, as they provide an easy avenue for the exfiltration of sensitive data that can be used to facilitate extortion.

CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection Vulnerability

Tags: SQL Injection, Exploited, Zero-Day, Network, Ransomware Group, Critical, 2023

Why it’s significant: CLOP’s targeting of file transfer solutions culminated in the discovery of CVE-2023-34362, a zero-day in Progress Software’s MOVEit Transfer, a secure managed file transfer software. CLOP targeted MOVEit in May 2023 and the ramifications are still felt today. According to research conducted by Emsisoft, 2,773 organizations have been impacted and information on over 95 million individuals has been exposed as of October 2024. This attack underscored the value in targeting file transfer solutions.

CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure Vulnerability

Tags: CitrixBleed, Information Disclosure, Exploited, Zero-Day, Network, Ransomware Groups, APT Groups, Critical, 2023

Why it’s significant: CVE-2023-4966, also known as “CitrixBleed,” is very simple to exploit. An unauthenticated attacker could send a specially crafted request to a vulnerable NetScaler ADC or Gateway endpoint and obtain valid session tokens from the device’s memory. These session tokens could be replayed back to bypass authentication, and would persist even after the available patches had been applied. CitrixBleed saw mass exploitation after its disclosure, and ransomware groups like LockBit 3.0 and Medusa adopted it.

CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection Vulnerability

Tags: Remote Command Injection, Exploited, Zero-Day, Network, APT Groups, Critical, 2023

Why it’s significant: Researchers found evidence of zero-day exploitation of CVE-2023-2868 in October 2022 by the APT group UNC4841. While Barracuda released patches in May 2023, the FBI issued a flash alert in August 2023 declaring them “ineffective,” stating that “active intrusions” were being observed on patched systems. This led to Barracuda making an unprecedented recommendation for the “immediate replacement of compromised ESG appliances, regardless of patch level.”

CVE-2024-3094: XZ Utils Embedded Malicious Code Vulnerability

Tags: Embedded Malicious Code, Zero-Day, Unknown Threat Actor (Jia Tan), Critical, 2024

Why it’s significant: CVE-2024-3094 is not a traditional vulnerability. It is a CVE assigned for a supply-chain backdoor discovered in XZ Utils, a compression library found in various Linux distributions. Developer Andres Freund discovered the backdoor while investigating SSH performance issues. CVE-2024-3094 highlighted a coordinated supply chain attack by an unknown individual that contributed to the XZ GitHub project for two and a half years, gaining the trust of the developer before introducing the backdoor. The outcome of this supply chain attack could have been worse were it not for Freund’s discovery.

Identifying affected systems

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:





CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8 |

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy.


According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India.

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13.

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered more than 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

| Affected Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.


Change Log

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.






Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

  • 4 Critical
  • 82 Important
  • 1 Moderate
  • 0 Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Airlift.microsoft.com
  • Azure CycleCloud
  • Azure Database for PostgreSQL
  • LightGBM
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft Virtual Hard Drive
  • Microsoft Windows DNS
  • Role: Windows Hyper-V
  • SQL Server
  • TorchGeo
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows CSC Service
  • Windows DWM Core Library
  • Windows Defender Application Control (WDAC)
  • Windows Kerberos
  • Windows Kernel
  • Windows NT OS Kernel
  • Windows NTLM
  • Windows Package Library Manager
  • Windows Registry
  • Windows SMB
  • Windows SMBv3 Client/Server
  • Windows Secure Kernel Mode
  • Windows Task Scheduler
  • Windows Telephony Service
  • Windows USB Video Driver
  • Windows Update Stack
  • Windows VMSwitch
  • Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Important

CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability

CVE-2024-43451 is an NTLM hash spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

This is the second NTLM spoofing vulnerability disclosed in 2024. Microsoft patched CVE-2024-30081 in its July Patch Tuesday release.

Important

CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions.

According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. It was disclosed to Microsoft by an anonymous researcher along with Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group. At the time this blog post was published, no further details about in-the-wild exploitation were available.

Important

CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability

CVE-2024-49019 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation would allow an attacker to gain administrator privileges. The advisory notes that “certificates created using a version 1 certificate template with Source of subject name set to ‘Supplied in the request’” are potentially impacted if the template has not been secured according to best practices. This vulnerability is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Microsoft’s advisory also includes several mitigation steps for securing certificate templates which we highly recommend reviewing.
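One way to find templates that match the precondition Microsoft describes (an example added here, not code from the Tenable post or from Microsoft's advisory): enumerate the forest's certificate templates, keep those with schema version 1 whose name flag has the ENROLLEE_SUPPLIES_SUBJECT bit set, and show which principals may enroll in them. The attribute names, the flag value and the Certificate-Enrollment right GUID are standard AD CS schema values; the function name is mine.

```powershell
# Added example: list AD CS templates matching the CVE-2024-49019 precondition.
# Requires the ActiveDirectory RSAT module and read access to the Configuration partition.
Import-Module ActiveDirectory

# msPKI-Certificate-Name-Flag bit meaning "Supplied in the request" for the subject name.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# Extended right GUID for Certificate-Enrollment (standard AD CS value).
$CERT_ENROLL_RIGHT = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'

function Get-RiskyV1Templates {
    param(
        # Defaults to the forest's Configuration naming context.
        [string]$ConfigNC = (Get-ADRootDSE).configurationNamingContext
    )
    $templateContainer = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigNC"

    Get-ADObject -SearchBase $templateContainer `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties displayName, 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag', nTSecurityDescriptor |
    ForEach-Object {
        # The flag is stored as a signed 32-bit int; widen before masking so high bits do not matter.
        $nameFlag = [int64]$_.'msPKI-Certificate-Name-Flag'
        $subjectSupplied = ($nameFlag -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        $isV1 = ([int]$_.'msPKI-Template-Schema-Version') -eq 1

        if ($isV1 -and $subjectSupplied) {
            # Who may enroll decides the exposure: a template only CA admins can enroll in is far less risky
            # than one open to Domain Users or Authenticated Users.
            $enrollers = $_.nTSecurityDescriptor.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and $_.ObjectType -eq $CERT_ENROLL_RIGHT } |
                Select-Object -ExpandProperty IdentityReference

            [pscustomobject]@{
                Template        = $_.displayName
                SchemaVersion   = $_.'msPKI-Template-Schema-Version'
                SubjectSupplied = $subjectSupplied
                EnrollAllowed   = ($enrollers -join '; ')
            }
        }
    }
}

Get-RiskyV1Templates | Format-Table -AutoSize
```

Templates that appear in the output with broad enrollment permissions are the ones to review against the mitigation steps in Microsoft's advisory.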

Important

CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability

CVE-2024-49040 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019. It was assigned a CVSSv3 score of 7.5 and rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to a patch being made available. After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.

Critical

CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability

CVE-2024-43639 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.8 and is rated as “Exploitation Less Likely.”

To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability in order to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.

Important

29 CVEs | SQL Server Native Client Remote Code Execution Vulnerability

This month's release included 29 CVEs for RCEs affecting SQL Server Native Client. All of these CVEs received CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities requires convincing an authenticated user to connect to a malicious SQL Server database using an affected driver. A full list of the CVEs is included in the table below.

CVE             Description                                                   CVSSv3
CVE-2024-38255  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-43459  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-43462  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48993  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48994  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48995  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48996  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48997  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48998  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-48999  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49000  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49001  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49002  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49003  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49004  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49005  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49006  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49007  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49008  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49009  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49010  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49011  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49012  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49013  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49014  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49015  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49016  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49017  SQL Server Native Client Remote Code Execution Vulnerability  8.8
CVE-2024-49018  SQL Server Native Client Remote Code Execution Vulnerability  8.8

Important

CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability

CVE-2024-43602 is an RCE vulnerability in Microsoft’s Azure CycleCloud, a tool for managing and orchestrating High Performance Computing (HPC) environments in Azure. This flaw received the highest CVSSv3 score of the month, 9.9, and was rated as important. A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would give the user root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud deployment as well as to steal admin credentials.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.





cve

Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Xen.org security team on Nov 12

Xen Security Advisory CVE-2024-45819 / XSA-464
version 2

libxl leaks data to PVH guests via ACPI tables

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

PVH guests have their ACPI tables constructed by the toolstack. The
construction involves building the tables in local memory, which are
then copied into guest memory. While actually used...




cve

Xen Security Advisory 463 v2 (CVE-2024-45818) - Deadlock in x86 HVM standard VGA handling

Posted by Xen.org security team on Nov 12

Xen Security Advisory CVE-2024-45818 / XSA-463
version 2

Deadlock in x86 HVM standard VGA handling

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The hypervisor contains code to accelerate VGA memory accesses for HVM
guests, when the (virtual) VGA is in "standard" mode. Locking involved
there has an unusual discipline, leaving...




cve

CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Posted by Daniel Augusto Veronezi Salvador on Nov 12

Severity: important

Affected versions:

- Apache CloudStack 4.0.0 through 4.18.2.4
- Apache CloudStack 4.19.0.0 through 4.19.1.2

Description:

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the
primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack
4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that...




cve

Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Solar Designer on Nov 12

NIST doesn't appear to provide their own CVSS vectors/scores lately.
However, they republish (with attribution) some third-party ones, this
time from CISA-ADP. The CISA-ADP CVSS vector for this vulnerability
specifies that it not only is network-reachable, but also that it has
High impact not only on Availability, but also on Confidentiality and
Integrity. This results in a CVSSv3.1 score of 9.8. Even merely
correcting the vector not to...




cve

Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Clemens Lang on Nov 12

Hi,

I think the source for the CISA-ADP data is at [1]. For this specific CVE, the relevant file would be [2]. Their readme
has a section at the bottom, where they encourage feedback:

I’m aware of at least one prior case where a similar case of (IMHO) overblown CVSS scores was discussed in an issue on
this particular GitHub project [3].

Somebody seems to already have opened a ticket for this CVE, too: [4]

[1]:...




cve

RE: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Joel GUITTET on Nov 12

Hello
First thanks to Alexander for reposting because I was not able to do so!
You're right Clemens, I have myself asked the question on this GitHub
(https://github.com/cisagov/vulnrichment/issues/130), but still no information for the moment.
Joel




cve

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Andrew Cooper on Nov 12

Data are leaked into the PVShim guest, but it is the shim Xen
(exclusively) which has access to the ACPI tables.

The guest which has been shim'd can't architecturally access the leaked
data.

~Andrew




cve

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Demi Marie Obenour on Nov 12

Is this unconditional (perhaps because the relevant data gets zeroed out
by the shim), or does it only apply when the PV guest can't extract data
from the shim's memory? For instance, 32-bit PV guests aren't security
supported anymore, but the PV shim isn't supposed to rely on the
security of the shim itself, only of the rest of the system.




cve

CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1

Posted by Alan Coopersmith on Nov 12

Another CVE was issued by Mitre yesterday for another bug listed on
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

https://gitlab.gnome.org/GNOME/glib/-/issues/3461 reports that:
"set_connect_msg() receives a buffer of size SOCKS4_CONN_MSG_LEN but it writes
up to SOCKS4_CONN_MSG_LEN + 1 bytes to it. This is because SOCKS4_CONN_MSG_LEN
doesn't account for the trailing nul character that set_connect_msg() appends...
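The bug shape described in the quoted issue, an output buffer sized without the terminating NUL that the writer appends, modelled in constructed C. This is an added example, not glib's code: the macro names, the bounds-checked writer, the sample user id and the demo functions are assumptions; only the SOCKS4 CONNECT layout (VN, CD, DSTPORT, DSTIP, USERID, NUL) is the protocol's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS4 CONNECT request: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID(n) NUL(1). */
#define SOCKS4_HDR_LEN 8

/* Constructed analogue of the bug shape: a size macro that counts the header and the
 * user id but not the terminating NUL the writer appends. One byte short. */
#define CONN_MSG_LEN_BUGGY(userlen) (SOCKS4_HDR_LEN + (userlen))
/* Corrected size: one extra byte for the terminator. */
#define CONN_MSG_LEN_FIXED(userlen) (SOCKS4_HDR_LEN + (userlen) + 1)

/* Bytes the writer below actually stores for a user id of userlen bytes. */
size_t connect_msg_needed(size_t userlen)
{
    return SOCKS4_HDR_LEN + userlen + 1;
}

/* Bounds-checked writer (assumed, hardened form). Returns bytes written, or 0 if buf
 * cannot hold the whole message including the NUL. A writer without this check, handed a
 * buffer sized with the buggy macro, stores the terminator one byte past the end. */
size_t set_connect_msg(uint8_t *buf, size_t bufsize, uint16_t port,
                       const uint8_t ip[4], const char *user)
{
    size_t userlen = strlen(user);
    size_t need = connect_msg_needed(userlen);
    if (buf == NULL || bufsize < need)
        return 0;
    buf[0] = 4;                          /* VN: SOCKS version 4 */
    buf[1] = 1;                          /* CD: CONNECT */
    buf[2] = (uint8_t)(port >> 8);       /* DSTPORT, network byte order */
    buf[3] = (uint8_t)(port & 0xff);
    memcpy(buf + 4, ip, 4);              /* DSTIP */
    memcpy(buf + SOCKS4_HDR_LEN, user, userlen);
    buf[SOCKS4_HDR_LEN + userlen] = 0;   /* the byte the buggy size forgot */
    return need;
}

/* Constructed sample request; "alice" is 5 bytes, so the full message is 14. */
static const uint8_t sample_ip[4] = {10, 0, 0, 1};
static const char sample_user[] = "alice";

/* Attempt the write into a buffer limited to bufsize bytes. The backing store is larger
 * than any size tried here, so the demo itself can never overflow. */
size_t try_write(size_t bufsize)
{
    uint8_t backing[64];
    if (bufsize > sizeof backing)
        return 0;
    memset(backing, 0xAA, sizeof backing);
    return set_connect_msg(backing, bufsize, 1080, sample_ip, sample_user);
}

/* Last byte written with the corrected size: must be the NUL terminator (0). */
int last_byte_with_fixed_size(void)
{
    uint8_t backing[64];
    size_t n = set_connect_msg(backing, CONN_MSG_LEN_FIXED(strlen(sample_user)),
                               1080, sample_ip, sample_user);
    return n ? backing[n - 1] : -1;
}

int main(void)
{
    size_t userlen = strlen(sample_user);
    printf("needed: %zu, buggy size: %zu, fixed size: %zu\n", connect_msg_needed(userlen),
           (size_t)CONN_MSG_LEN_BUGGY(userlen), (size_t)CONN_MSG_LEN_FIXED(userlen));
    printf("write with buggy size -> %zu bytes (0 = refused)\n",
           try_write(CONN_MSG_LEN_BUGGY(userlen)));
    printf("write with fixed size -> %zu bytes, last byte 0x%02x\n",
           try_write(CONN_MSG_LEN_FIXED(userlen)), last_byte_with_fixed_size());
    return 0;
}
```

The size macro and the writer have to agree on whether the terminator is counted; the reliable fix is to derive the buffer size from the same expression the writer uses and to have the writer refuse, rather than trust, a buffer that is too small.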




cve

SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 28

SEC Consult Vulnerability Lab Security Advisory < 20241023-0 >
=======================================================================
title: Authenticated Remote Code Execution
product: Multiple Xerox printers
(EC80xx, AltaLink, VersaLink, WorkCentre)
vulnerable version: see vulnerable versions below
fixed version: see solution section below
CVE number: CVE-2024-6333...




cve

SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 31

SEC Consult Vulnerability Lab Security Advisory < 20241030-0 >
=======================================================================
title: Query Filter Injection
product: Ping Identity PingIDM (formerly known as ForgeRock Identity
Management)
vulnerable version: v7.0.0 - v7.5.0 (and older unsupported versions)
fixed version: various patches; v8.0
CVE number:...




cve

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 12

SEC Consult Vulnerability Lab Security Advisory < 20241112-0 >
=======================================================================
title: Multiple vulnerabilities
product: Siemens Energy Omnivise T3000
vulnerable version: >=8.2 SP3
fixed version: see solution section
CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
impact: High...




cve

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective




cve

Trojan.Win32.CVE20188120.E

Threat type: Trojan

Aliases: Exploit:Win32/CVE-2018-8120.A (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.




cve

Trojan.Win32.CVE20190808.A

Threat type: Trojan

Aliases: Win32:CVE-2019-0808-K [Expl] (AVAST)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.




cve

Trojan.W97M.CVE202140444.A

Threat type: Trojan

Aliases: HEUR:Exploit.MSOffice.Agent.gen (KASPERSKY)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.




cve

Grice III v. McVeigh

(United States Second Circuit) - Reversing the decision of the US District Court denying the motion of police officers for qualified immunity in the arrest of a teenage train enthusiast who sued following his arrest while inspecting a train crossing because the police had reasonable suspicion, the actions of the officers did not amount to an arrest, and their other actions did not violate the law.




cve

execve-core.c

execve /bin/sh shellcode for Linux PPC. execve-core.s is appended.





cve

Linux/x86 execve /bin/sh Shellcode

25 bytes small Linux/x86 execve /bin/sh shellcode.




cve

Linux/x86 execve(/bin/sh) Socket Reuse Shellcode

42 bytes small Linux/x86 execve(/bin/sh) socket reuse shellcode.




cve

Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) Null Free Shellcode

47 bytes small Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) null free shellcode.




cve

Linux/x86 Execve() Alphanumeric Shellcode

66 bytes small Linux/x86 Execve() alphanumeric shellcode.




cve

Linux/x86 Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode

114 bytes small Linux/x86 random bytes encoder and XOR/SUB/NOT/ROR execve(/bin/sh) shellcode.




cve

Linux/x64_86 Egghunter Execve Shellcode

63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.
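The search the egghunter listing describes, written out in C over a constructed memory image. This is an added example, not the listed shellcode: the tag "w00t", the image layout and the demo functions are assumptions; the search itself (two adjacent copies of the tag, control passed to the byte after the second) is the technique the listing names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EGG_LEN 4

/* 4-byte tag (assumed); the hunter looks for it twice in a row, "w00tw00t". */
static const uint8_t egg[EGG_LEN] = {'w', '0', '0', 't'};

/* Scan [mem, mem + len) for two back-to-back copies of the tag. Returns the offset of the
 * first byte after the second copy (where the payload starts), or -1 if absent. Requiring
 * two copies is what keeps the hunter from matching the single copy of the tag that sits
 * inside its own code as the comparison immediate. */
long find_egg(const uint8_t *mem, size_t len, const uint8_t tag[EGG_LEN])
{
    if (mem == NULL || len < 2 * EGG_LEN)
        return -1;
    for (size_t off = 0; off + 2 * EGG_LEN <= len; off++) {
        if (memcmp(mem + off, tag, EGG_LEN) == 0 &&
            memcmp(mem + off + EGG_LEN, tag, EGG_LEN) == 0)
            return (long)(off + 2 * EGG_LEN);
    }
    return -1;
}

/* Constructed memory image (not a real process): the hunter's own single copy of the tag,
 * filler, then the doubly tagged payload. The "payload" is four 0xcc bytes, not shellcode. */
#define IMAGE_LEN 24
static size_t build_image(uint8_t *img, int with_payload)
{
    memcpy(img, egg, EGG_LEN);          /* 0..3: tag inside the hunter itself */
    memset(img + EGG_LEN, 0x90, 8);     /* 4..11: filler */
    if (!with_payload)
        return 12;
    memcpy(img + 12, egg, EGG_LEN);     /* 12..15: first egg */
    memcpy(img + 16, egg, EGG_LEN);     /* 16..19: second egg */
    memset(img + 20, 0xcc, 4);          /* 20..23: payload */
    return IMAGE_LEN;
}

/* Offset the hunter hands control to when the payload is present (20 in this image). */
long demo_payload_offset(void)
{
    uint8_t img[IMAGE_LEN];
    size_t n = build_image(img, 1);
    return find_egg(img, n, egg);
}

/* Same search over an image holding only the hunter's own copy of the tag (-1). */
long demo_single_copy_offset(void)
{
    uint8_t img[IMAGE_LEN];
    size_t n = build_image(img, 0);
    return find_egg(img, n, egg);
}

/* First payload byte at the returned offset (0xcc here). */
int demo_payload_first_byte(void)
{
    uint8_t img[IMAGE_LEN];
    size_t n = build_image(img, 1);
    long off = find_egg(img, n, egg);
    return (off < 0 || (size_t)off >= n) ? -1 : img[off];
}

int main(void)
{
    printf("payload at offset %ld, first byte 0x%02x\n",
           demo_payload_offset(), demo_payload_first_byte());
    printf("image without a double egg -> %ld\n", demo_single_copy_offset());
    return 0;
}
```

A real hunter cannot memcmp its way across a whole address space, because touching an unmapped page faults; the "dynamic" hunters probe each page first (the classic x86 ones use a cheap syscall such as access(2) and skip the page when it returns EFAULT) and only compare inside pages that are mapped.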




cve

Linux/x64_86 ROL Encoded Execve Shellcode

57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.
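The encode-then-decode scheme behind the NOT|ROT+8 null-free listing, the XOR/SUB/NOT/ROR listing and the ROL-encoded listing above, written out in C so the round trip and the null-free property can be checked. This is an added example, not any of the listed shellcodes or their stubs: the sample payload is a constructed byte string (chosen to contain NUL bytes and the one value, 0x07, that NOT followed by +8 maps to zero), the operation order for NOT|ROT+k (complement, then add k modulo 256) is an assumption, and the key search generalises the fixed +8 of the listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload (NOT real shellcode). */
static const uint8_t sample_payload[] = {0x31, 0xc0, 0x00, 0x07, 0xcd, 0x80, 0x00, 0xf7};
#define SAMPLE_LEN (sizeof sample_payload)

/* Number of 0x00 bytes in buf; any strcpy()-style delivery path stops at the first one. */
size_t count_nuls(const uint8_t *buf, size_t n)
{
    size_t nuls = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == 0)
            nuls++;
    return nuls;
}

/* NOT|ROT+k: complement each byte, then add k modulo 256. Returns the NUL count of the output. */
size_t encode_not_rot(const uint8_t *in, uint8_t *out, size_t n, uint8_t k)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)((uint8_t)~in[i] + k);
    return count_nuls(out, n);
}

/* Inverse, which is what the decoder stub does in place: subtract k, then complement. */
void decode_not_rot(const uint8_t *in, uint8_t *out, size_t n, uint8_t k)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)~(uint8_t)(in[i] - k);
}

/* ~b + k == 0 (mod 256) exactly when k == b + 1 (mod 256), so each input byte forbids one
 * key. Return the smallest k in 1..255 that no input byte forbids, or 0 if none exists. */
uint8_t find_not_rot_key(const uint8_t *in, size_t n)
{
    uint8_t forbidden[256] = {0};
    for (size_t i = 0; i < n; i++)
        forbidden[(uint8_t)(in[i] + 1)] = 1;
    for (unsigned k = 1; k < 256; k++)
        if (!forbidden[k])
            return (uint8_t)k;
    return 0;
}

static uint8_t rol8(uint8_t b, unsigned s) { s &= 7; return (uint8_t)((b << s) | (b >> ((8 - s) & 7))); }
static uint8_t ror8(uint8_t b, unsigned s) { s &= 7; return (uint8_t)((b >> s) | (b << ((8 - s) & 7))); }

/* ROL-by-s encoding. rol(0, s) == 0 for every s: rotation hides byte patterns from
 * signature matching but never removes NUL bytes; pair it with NOT/XOR/ADD for that. */
size_t encode_rol(const uint8_t *in, uint8_t *out, size_t n, unsigned s)
{
    for (size_t i = 0; i < n; i++)
        out[i] = rol8(in[i], s);
    return count_nuls(out, n);
}

void decode_rol(const uint8_t *in, uint8_t *out, size_t n, unsigned s)
{
    for (size_t i = 0; i < n; i++)
        out[i] = ror8(in[i], s);
}

/* Helpers over the sample payload: NUL count after encoding, and whether decoding restores it. */
size_t nuls_after_not_rot(uint8_t k)
{
    uint8_t enc[SAMPLE_LEN];
    return encode_not_rot(sample_payload, enc, SAMPLE_LEN, k);
}
int roundtrip_not_rot(uint8_t k)
{
    uint8_t enc[SAMPLE_LEN], dec[SAMPLE_LEN];
    encode_not_rot(sample_payload, enc, SAMPLE_LEN, k);
    decode_not_rot(enc, dec, SAMPLE_LEN, k);
    return memcmp(dec, sample_payload, SAMPLE_LEN) == 0;
}
size_t nuls_after_rol(unsigned s)
{
    uint8_t enc[SAMPLE_LEN];
    return encode_rol(sample_payload, enc, SAMPLE_LEN, s);
}
int roundtrip_rol(unsigned s)
{
    uint8_t enc[SAMPLE_LEN], dec[SAMPLE_LEN];
    encode_rol(sample_payload, enc, SAMPLE_LEN, s);
    decode_rol(enc, dec, SAMPLE_LEN, s);
    return memcmp(dec, sample_payload, SAMPLE_LEN) == 0;
}

int main(void)
{
    uint8_t k = find_not_rot_key(sample_payload, SAMPLE_LEN);
    printf("payload has %zu NUL byte(s)\n", count_nuls(sample_payload, SAMPLE_LEN));
    printf("NOT|ROT+8 leaves %zu NUL byte(s)\n", nuls_after_not_rot(8));
    printf("smallest NUL-free key: %u -> %zu NUL byte(s), round trip %s\n",
           (unsigned)k, nuls_after_not_rot(k), roundtrip_not_rot(k) ? "ok" : "FAILED");
    printf("ROL-3 alone leaves %zu NUL byte(s), round trip %s\n",
           nuls_after_rol(3), roundtrip_rol(3) ? "ok" : "FAILED");
    return 0;
}
```

The fixed +8 of the listing works for that particular payload; for an arbitrary payload the key has to be chosen against its bytes (or the encoder has to fall back to another transform), which is the point of the key search above and the reason the random-bytes encoder listing layers several operations.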




cve

Ananya Panday, James McVey to face off against gruesome outcomes of online bullying

Ananya Panday joined James McVey to spread awareness against online bullying's detrimental impact




cve

Investing in prevention: An ounce of CVE or a pound of counterterrorism?


In the face of seemingly weekly terrorist attacks and reports that Islamic State affiliates are growing in number, political leaders are under pressure to take tougher action against ISIS and other violent extremist threats. Removing terrorists from the battlefield and from streets remains critical—President Obama announced last week that the United States will send 250 more special operations forces to Syria, for one, and other military, intelligence, and law enforcement efforts will be important. According to one assessment, the United States has spent $6.4 billion on counter-ISIS military operations since August 2014, with an average daily cost of $11.5 million. As a result of these and related efforts, the territory the Islamic State controls has been diminished and its leadership and resources degraded.

The more challenging task, however, may be preventing individuals from joining the Islamic State or future groups in the first place and developing, harnessing, and resourcing a set of tools to achieve this objective. Violent extremism is most likely to take root when communities do not challenge those who seek to radicalize others and can’t offer positive alternatives. Prevention is thus most effectively addressed by the communities themselves—mayors, teachers, social workers, youth, women, religious leaders, and mental health professionals—not national security professionals, let alone national governments. But it’s easier said than done for national governments to empower, train, and resource those communities. 

Political leaders around the globe are increasingly highlighting community engagement and the role of communities more broadly in a comprehensive counterterrorism strategy. States, however, continue to struggle with how to operationalize and sustain these elements of the strategy. 

Show us the money

First, there is the funding shortfall. Too many national governments continue not to provide local governments and communities with the resources needed to develop tailored community engagement programs to identify early signs of and prevent radicalization to violence. To take just one example of the disparity, the $11.5 million per day the United States spends on its military presence in Iraq is more than the $10 million the Department of Homeland Security was given this year to support grassroots countering violent extremism (CVE) efforts in the United States, and nearly twice as much as the State Department’s Bureau of Counterterrorism received this year to support civil society-led CVE initiatives across the entire globe. Although a growing number of countries are developing national CVE action plans that include roles for local leaders and communities, funding for implementation continues to fall short. Norway and Finland are two notable examples, and the situation in Belgium was well-documented following the March attacks in Brussels.

Prevention is thus most effectively addressed by the communities themselves...not national security professionals, let alone national governments.

At the international level, the Global Community Engagement and Resilience Fund (GCERF)—established in 2014 and modeled on the Global AIDS Fund to enable governments and private entities to support grassroots work to build resilience against violent extremism—has struggled to find adequate funding. GCERF offers a reliable and transparent mechanism to give grants and mentoring to small NGOs without the taint of government funding. Yet, despite the fact that “CVE” has risen to near the top of the global agenda, GCERF has only been able to raise some $25 million from 12 donors—none from the private sector—since its September 2014 launch. This includes only $300,000 for a “rapid response fund” to support grassroots projects linked to stemming the flow of fighters to Iraq and Syria—presumably a high priority for the more than 90 countries that have seen their citizens travel to the conflict zone. The GCERF Board just approved more than half of the $25 million to support local projects in communities in the first three pilot countries—Bangladesh, Mali, and Nigeria. GCERF’s global ambitions, let alone its ability to provide funds to help sustain the projects in the three pilots or to support work in the next tranche of countries (Burma, Kenya, and Kosovo), are in jeopardy unless donors pony up more resources to support the kind of approach—involving governments, civil society, and the private sector—that is likely needed to make progress on prevention over the long term.

Go grassroots

Second, national governments struggle with how best to involve cities and local communities. Governments still have a traditional view of national security emanating from the capital. Although a growing number of governments are encouraging, and in some cases providing, some resources to support city- or community-led CVE programs, they have generally been reluctant to really bring sub-national actors into conversations about how to address security challenges. Some capitals, primarily in Western Europe, have created national-level CVE task forces with a wide range of voices. Others, like the United States, have stuck with a model that is limited to national government—and primarily law enforcement—agencies, thus complicating efforts to involve and build durable partnerships with the local actors, whether mayors, community leaders, social workers, or mental health officials, that are so critical to prevention efforts. 

Some members of the target communities remain skeptical of government-led CVE initiatives, sometimes believing them to be a ruse for intelligence gathering or having the effect of stigmatizing and stereotyping certain communities. As debates around the FBI’s Shared Responsibilities Committees show, there are high levels of mistrust between the government—particularly law enforcement—and local communities. This can complicate efforts to roll out even well-intentioned government-led programs aimed at involving community actors in efforts to prevent young people from joining the Islamic State. The trouble is, communities are largely dependent on government support for training and programming in this area (with a few exceptions). 

To their credit, governments increasingly recognize that they—particularly at the national level—are not the most credible CVE actors, whether on- or off-line, within the often marginalized communities they are trying to reach. They’re placing greater emphasis on identifying and supporting more credible local partners, instead, and trying to get out of the way. 

Invest now, see dividends later

On the positive side of the ledger, even with the limited resources available, new (albeit small-scale) grassroots initiatives have been developed in cities ranging from Mombasa to Maiduguri and Denver to Dakar. These are aimed at building trust between local police and marginalized groups, creating positive alternatives for youth who are being targeted by terrorist propaganda, or otherwise building the resilience of the community to resist the siren call of violent extremism. 

Perhaps even more promising, new prevention-focused CVE networks designed to connect and empower sub-national actors—often with funds, but not instructions, from Western donors—are now in place. These platforms can pool limited resources and focus on connecting and training the growing number of young people and women working in this area; the local researchers focused on understanding local drivers of violent extremism and what has worked to stem its tide in particular communities; and mayors across the world who will gather next month for the first global Strong Cities Network summit. Much like GCERF, these new platforms will require long-term funding—ideally from governments, foundations, and the private sector—to survive and deliver on their potential. 

Somewhat paradoxically, while the United States (working closely with allies) has been at the forefront of efforts to develop and resource these platforms overseas and to recognize the limits of a top-down approach driven by national governments, similar innovations have yet to take root at home. More funding and innovation, both home and abroad, can make a huge difference. For example, it could lead to more community-led counter-narrative, skills-building, or counselling programs for young people at risk of joining the Islamic State. It could also help build trust between local police and the communities they are meant to serve, lead to more training of mainstream religious leaders on how to use social media to reach marginalized youth, as well as empower young filmmakers to engage their peers about the dangers of violent extremism. And national prevention networks that aren’t limited to just government officials can help support and mentor communities looking to develop prevention or intervention programs that take local sensitivities into account. Without this kind of rigorous effort, the large sums spent on defeating terrorism will not pay the dividends that are badly needed. 





cve

CVE’s relevance and challenges: Central Asia as surprising snapshot

       




cve

The McVegan burger is now for sale, but only in Finland

Veganism must be making serious inroads into society if McDonald's, king of industrial meat, is jumping into soy patties.




cve

150,000 McVegan burgers sold in January

It's obvious people want more plant-based foods, even when they are at a fast food joint.




cve

Ananya Panday and The Vamps' guitarist James McVey work towards stopping social media bullying

Ananya Panday and The Vamps' guitarist James McVey are coming together to raise awareness about social media bullying. The live session will be hosted on May 8 on Instagram.

The actor says, "Social media bullying is an evil that people face every day on the numerous platforms that they use in their daily lives. I'm glad that James McVey and I will be fighting this evil together in our own small way."

Ananya further said, "The world is going through a tough time and it is even more important to be kind to everyone and spread positivity." The session is being put together by the actor's initiative, So Positive, which aims to negate the spread of social media bullying.

McVey added, "During this difficult time, we find ourselves using social media more than ever. Regardless of where you live or your background, it's important to remember that you are never alone. Millions of others are going through the same traumatic experience and I believe together we further the conversation and join the fight to end bullying. I'm looking forward to speaking with Ananya on 'So Positive' to learn more about her experiences."





cve

Ananya Panday and The Vamps' James McVey to get vocal on cyber bullying

In a first of its kind international venture, youth icons Ananya Panday and international songwriter and guitarist from The Vamps band - James McVey - are all set to come together on the former’s ‘So Positive’ platform to raise awareness about social media bullying. The live session will be hosted on 8th May 2020 at 7 pm.

James McVey, the lead guitarist and songwriter of the internationally renowned British band The Vamps, is known globally for spreading social media positivity. The coming together of the two, Panday and McVey, marks a collaboration that goes beyond the confines of language and geography to raise awareness of the issue. The statistics show that teenagers and children are the most affected in this digital era, and the number of platforms accessible to people across the world is increasing with every passing day. This collaboration would be extremely insightful in shedding light on this issue and helping individuals dealing with social media bullying.

Sharing his experience James McVey said, “During this difficult time we find ourselves using social media more than ever. When I was at the receiving end of bullying I felt isolated and alone. Regardless of where you live or your background, it’s important to remember that you are never alone. Millions of others are going through the same traumatic experience and I believe together we further the conversation and join the fight to end bullying. I’m looking forward to speaking with Ananya on ‘So Positive’ to learn more about her experiences.”

Ananya Panday shares, "Social media bullying is an evil that people face every day on the numerous platforms that they use in their daily lives. I’m glad that James McVey and I will be fighting this evil together in our own small way. The world is going through a difficult time, currently and it is even more important than ever to be kind to everyone around and spread positivity. So Positive has been creating awareness through different ways and our aim continues to be to negate the spread of social media bullying by spreading positivity all across. I’m really looking forward to this insightful exchange with James”.

So Positive is a cause taken up by Ananya which is backed with substantial data, research, and behavioural statistics. The initiative aims at creating and spreading awareness about social media bullying. Its prime focus is to make people aware of the fact that this issue exists and stays very prevalent in society. Also, the steps that can be taken by the recipients of this destructive criticism in order to deal with this.





cve

Gaz Beadle's fiancée Emma McVey admits they're 'going through hell at the minute'

The model, 27, admitted that they are going 'through hell at the minute' as Primrose is suffering from 'stomach problems' and has had six hospital appointments.




cve

Gaz Beadle and his fiancée Emma McVey reveal their baby girl Primrose is back in hospital for tests

The doting dad, 31, shared an update with his fans on Thursday night explaining that his one-month-old daughter Primrose Ivy was poorly again and he was 'praying for answers'.




cve

Esther McVey 'blames GMTV Labour cabal for her feud with Lorraine Kelly' 

Conservative leadership candidate Esther McVey and Lorraine Kelly have made headlines after Kelly appeared to snub her former GMTV colleague live on air when she was on Good Morning Britain.




cve

Ananya Pandey Collaborates With Guitarist James McVey To Raise Awareness About Cyber Bullying

Actress Ananya Pandey will be collaborating with The Vamps' guitarist James McVey to talk about cyber bullying through her campaign 'So Positive'.




cve

Jurisprudence of jurisdiction / edited by Shaun McVeigh




cve

2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE) [electronic journal].

IEEE / Institute of Electrical and Electronics Engineers Incorporated