Further information about the Museum of Science and Industry in Manchester, where the reception on day 2 of the workshop will take place, is now available. [2005-05-24]

Information about the technologies which will be available at the workshop is now available. This page describes the instant messaging environment and Wiki service which will be available during the event for use by workshop delegates who have brought a networked computer.

A sponsors page containing details of the sponsorship packages available has now been set up. Interested parties should contact the organisers. [2006-08-24]

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Montréal –The Canadian Securities Administrators (CSA) warns the public about investment schemes involving fraudulent websites that solicit investments in foreign exchange (often referred to as “forex”), binary options and/or crypto assets.

Montreal - The Canadian Securities Administrators (CSA) is warning the public to be vigilant for unsolicited communications that come from scammers posing as CSA staff or staff of CSA members.

Toronto – The Canadian Securities Administrators (CSA) is warning the public that Nova Tech Ltd (NovaTech), which operates the website www.novatechfx.com, is not registered with a securities regulator in any province or territory in Canada.

How do we find lasting, trusting, and fulfilling friendships? Is it by being popular? Dazzling others with your genius? Looking for that ultimate BFF? Hiding all your imperfections and trying hard to fit in? Deep and enduring friendships are essential to our psychological and physical well-being. Unfortunately, between bullying, social anxiety, peer pressure, and other issues, many teens feel isolated. In Dear Libby, trusted columnist Libby Kiszner offers a breakthrough approach to friendship and connection. You can create friendships from the inside out-rather than from the outside in. You can experience friendships with vibrant self-expression in every stage of life, making Dear Libby a book that can be read and reread at any age. Containing seven core principles, this life-changing resource not only explains the dynamics of connections and friendships but also gives practical tools to develop them. Integrating contemporary issues, timeless insight, real-life skills, and unique perspectives, Dear Libby provides a hands-on guide for dealing with everyday friendship struggles faced by teens today. Teens and readers of all ages will gain insight and understanding on how to make profound, joyful relationships possible. Find answers to real questions like: What should I do when people who are supposed to be my friends call me names or embarrass me? What should I do I do if I'm being ignored at school? What is the best way to handle loneliness? Someone just stole my friend. What can I do? What can I do when my friends get together and "forget" to invite me?

A father offers his advice, opinions, and the many useful stories gleaned from his past experiences in order to help his beloved daughter not only survive, but thrive in the dangerous and unpredictable world of young adulthood. From the pen of a former abused child, drug addict, womanizing frat boy, and suicidal depressive, comes forth the emotionally stirring account of a young man's battle with crippling inner demons and his eventual road to enlightenment. Peter Greyson calls upon his wisdom as both father and school teacher to gently lead teenage girls through a maze of truth, deception, and adolescent uncertainty. Greyson's literary style sparkles with a youthful enthusiasm that will capture your heart and provide boundless inspiration. Dear Lilly is a survival guide that offers the brutally honest male perspective to young women struggling for answers to life's deepest questions. Topics include: Boys lie What every guy wants from his girlfriend Tales from the drug world Everybody hurts High school exposed

Event Begins: Wednesday, November 13, 2024 11:00am
Location: Museum of Art
Organized By: University of Michigan Museum of Art (UMMA)

Following years of research into the Museum’s and University of Michigan’s relationships with Africa and African art collections, We Write To You About Africa is a complete reinstallation and doubling of the Museum’s space dedicated to African art. 

Featuring a wide range of artworks—from historic Yoruba and Kongo figures to contemporary works by African and African American artists, such as Sam Nhlengenthwa, Masimba Hwati, Jon Onye Lockard and Shani Peters—the exhibition directly addresses the complex and difficult histories inherent to African art collections in the Global North, including their entanglements with colonization and global efforts to repatriate African artworks to the continent.

Art collections, by their very nature, can not be anything other than subjective. With I Write To You About Africa, we examine the subjective ways UMMA and the University of Michigan as a whole have collected and presented art from and connected to the African diaspora.

Drawn from art collections across the U-M campus, a special section of the exhibition highlights how the founding of the Department of Afroamerican and African Studies (DAAS) and the African Studies Center (ASC) impacted U–M’s collecting practices. This section includes an exciting and ongoing project—contemporary African artists, scholars, and curators will be asked to write about their work on postcards, in their first language, and mail them to UMMA where they will be displayed alongside their works. 

We Write To You About Africa will be a reinstallation of the Museum’s Robert and Lillian Montalto Bohlen Gallery of African art and the connected Alfred A Taubman Gallery II. It is slated to open in 2021 and will be on view indefinitely.

Lead support for this exhibition is provided by the University of Michigan Office of the Provost, the Michigan Arts and Culture Council, and the African Studies Center.
 

On today's show, we're answering listener questions from the Planet Money inbox. Like, who really benefits from retail coupons? And why are goldfish so cheap?

Subscribe to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Note: There is swearing in this episode.

In 2017, The University of Minnesota asked comedian Maria Bamford to give their commencement speech. But the University may not have known what it was in for. In her speech, Bamford told the crowd of graduates how much the university offered to pay her (nothing), her counteroffer ($20,000), and the amount they settled on ($10,000), which (after taxes and fees, etc.) she gave away to students in the audience to pay down their student loans.

Maria Bamford is a big believer in full disclosure of her finances, a philosophy she's adopted after decades in a Debtors Anonymous support group. In meetings, she learned important financial tips and tricks to go from thousands of dollars in debt to her current net worth of $3.5 million (a number which, true to her philosophy, she will share with anyone).

She spoke with us about her financial issues, how she recovered, and why she believes in total financial transparency, even when it makes her look kinda bad.

Disclaimer: Planet Money is not qualified or certified to give financial advice. And Maria is not a spokesperson for Debtors Anonymous in any way.

This show was hosted by Kenny Malone and Mary Childs. It was produced by Emma Peaslee, edited by Jess Jiang, fact-checked by Sierra Juarez, and engineered by Neisha Heinis. Alex Goldmark is Planet Money's executive producer.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Would you say that you and your family are better off or worse off, financially, than you were a year ago? Do you think in 12 months we'll have good times, financially, or bad? Generally speaking, do you think now is a good time or a bad time to buy a house?

These are the kinds of questions baked into the Consumer Sentiment Index. And while the economy has been humming along surprisingly well lately, sentiment has stayed surprisingly low.

Today on the show: We are really bummed about the economy, despite the fact that unemployment and inflation are down. So, what gives? We talk to a former Fed economist trying to get to the heart of this paradox, and travel to Michigan to check in on the place where they check the vibes of the economy.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

We've lived amongst Elon Musk headlines for so long now that it's easy to forget just how much he sounds like a sci-fi character. He runs a space company and wants to colonize mars. He also runs a company that just implanted a computer chip into a human brain. And he believes there's a pretty high probability everything is a simulation and we are living inside of it.

But the latest Elon Musk headline-grabbing drama is less something out of sci-fi, and more something pulled from HBO's "Succession."

Elon Musk helped take Tesla from the brink of bankruptcy to one of the biggest companies in the world. And his compensation for that was an unprecedentedly large pay package that turned him into the richest person on Earth. But a judge made a decision about that pay package that set off a chain of events resulting in quite possibly the most expensive, highest stakes vote in publicly traded company history.

The ensuing battle over Musk's compensation is not just another wild Elon tale. It's a lesson in how to motivate the people running the biggest companies that – like it or not – are shaping our world. It's a classic economics problem with a very 2024 twist.

Help support Planet Money and hear our bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Toronto, ON – Since 2005, Y Combinator (YC) has launched 1,200 startups which have a combined valuation of over $65 billion. Without the help of this seed accelerator, companies such as DoorDash, Code Academy and Thalmic Labs would have been lost. On Friday, January 20, 2017, YC will be inaugurating Accelerator Weekend with a panel led […]

In this hour, storytellers have to face the music. This episode is hosted by Suzanne Rust. The Moth Radio Hour is produced by The Moth and Jay Allison of Atlantic Public Media.

Hosted by: Suzanne Rust

Storytellers:

EJR David

Mary Furlong Coomer

Karen Kibaara

Colin Channer

Special delivery!—a Moth Radio Hour all about letters. At work, for romance, and to the Tooth Fairy. This episode is hosted by Moth Executive Producer, Sarah Austin Jenness. The Moth Radio Hour is produced by The Moth and Jay Allison of Atlantic Public Media.

Storytellers:

Meg Ferrill's letter is read aloud in her human sexuality class.

Danielle Dardashti is surprised by the severance letter she receives.

Matty Struski pens a letter in an attempt to win back his ex.

Lu Levin strikes up a correspondence with the Tooth Fairy.

Otis Gray gets a job writing rejection letters.

Stacey Perlman visits a medium, who knows of a letter to the great beyond.