
How A California Intersectionality Law Might Boost Equal Pay

Joy Rosenquist says a new law enshrining the principle of intersectionality in California’s anti-discrimination statutes will have a substantial impact on equal pay litigation.

Law360 Employment Authority


Right To Disconnect Plan May Erode Firms' Long-Hours Culture

Ben Smith and Maya Beauville say the UK government's softened plan to grant employees the right to disconnect out of hours is unlikely to change the legal sector's entrenched long-hour culture anytime soon.

Law360


German firms not required to pay “to the top” for gender pay gaps

Sabine Vianden discusses the German Pay Transparency Act and how it can help solve the gender pay gap discrepancies in Germany.

International Employment Lawyer


GOP Election Wins May Set Stage For Curbing Workplace DEI

Jim Paretti says DEI initiatives under a Republican administration will "be under a lot more scrutiny" and subject to tighter limits.

Law360 Employment Authority


ETSI IPv6 White Paper outlines best practices, challenges, benefits and the way forward

Sophia Antipolis, 26 August 2020

The ETSI IP6 Industry Specification Group has just released a White Paper on the lessons learned from IPv6 best practices, use cases, benefits and deployment challenges. This White Paper puts forward recommendations to ease the adoption of IPv6 and to motivate the industry ahead of the upcoming large-scale deployment of IoT, 4G/5G and IoT cloud computing, all of which benefit from the restoration of the end-to-end model.


ETSI Mission Critical Plugtests to drive Future Railway Mobile Communication System

Sophia Antipolis, 10 September 2020

ETSI, with the support of the European Commission, EFTA, TCCA and UIC, is organizing its fifth MCX Plugtests™ event. The remote-only event will take place from 21 September to 2 October 2020. Pre-testing started on 31 August to debug any connectivity issues before the main event.


ETSI White Paper and webinar map the way forward with IPv6

Sophia Antipolis, 21 September 2020

An ETSI webinar has examined the global status of IPv6 (Internet Protocol version 6) with discussions on deployment, industrial applications, transition solutions and progress on standardization.


ETSI Fifth Generation Fixed Network White Paper paves the way for Fibre to Everywhere and Everything

Sophia Antipolis, 30 September 2020

The ETSI ISG F5G (Fifth Generation Fixed Network) has released a White Paper that sets the scene for the evolution of on-premise, fixed access, and aggregation networks. In this White Paper, ETSI presents the vision, value, use cases, features, and technologies of F5G, aiming to foster a global effort to realize its full potential.


World Standards Day 2020: STANDARDS ARE ESSENTIAL TO PROTECT THE PLANET

On 14 October 2020, CEN, CENELEC and ETSI, the three official European Standardization Organizations, join the international standardization community in celebrating World Standards Day. By focusing on the environment, this year’s edition aims to raise awareness on the potential of standards to help tackle the climate crisis.


ETSI Report Paves the Way for First World Standards in Securing Artificial Intelligence

Sophia Antipolis, 19 January 2021

The ETSI Securing Artificial Intelligence Industry Specification Group (SAI ISG) last month released its first Group Report, ETSI GR SAI 004, which gives an overview of the problem statement regarding the securing of AI. ETSI SAI is the first standardization initiative dedicated to securing AI.

The Report describes the problem of securing AI-based systems and solutions, with a focus on machine learning, and the challenges relating to confidentiality, integrity and availability at each stage of the machine learning lifecycle. It also points out some of the broader challenges of AI systems including bias, ethics and ability to be explained. A number of different attack vectors are outlined, as well as several cases of real-world use and attacks.


ETSI announces first interoperability event for future railway communication

Sophia Antipolis, 19 April 2021

ETSI has announced that its Future Railway Mobile Communication System (FRMCS) Plugtests™ event will take place from 14 to 18 June 2021. Over 20 vendors and more than 80 participants will participate.


ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event

Sophia Antipolis, 28 June 2021

On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group held an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and will define the technology of the coming decades for a mode of transport that is enjoying its best moment.


ETSI IPE releases the first IPv6 Enhanced Innovation Report, helping global industry players to reach consensus

Sophia Antipolis, 15 October 2021

ETSI is pleased to announce the first ETSI IPv6 Enhanced Innovation (IPE) report ETSI GR IPE 001 “IPv6 Enhanced Innovation: Gap Analysis”. Jointly compiled by 15 leading IP industry players, this report comprehensively analyzes gaps based on requirements created by the new use cases and services like 5G and the cloud, to accelerate IPv6 deployment and innovations, and identifies recommendations of new features of the IPv6 enhanced innovations, paving the way for a consensus to be reached among global IP industry players.


ETSI celebrates International Women’s Day

Sophia Antipolis, 8 March 2022

Diversity, equity, and inclusiveness are key pillars of the ETSI community. ETSI is committed to help raise awareness of the value of gender diversity and we wanted to highlight the people behind our standards: #TheStandardsPeople.

To start this campaign and to mark International Women’s Day, we dedicate the month of March to showcase our female contributors.


ETSI’s world-first standard to secure consumer IoT devices is extended to Home Gateways

Sophia Antipolis, 7 April 2022

ETSI is pleased to announce a new cyber security specification for Home Gateways, called ETSI TS 103 848 and developed by the CYBER Technical Committee. Adapted from the provisions of the world-first standard to secure consumer IoT devices, EN 303 645, this technical specification will secure physical devices between the in-home network and the public network, as well as the traffic between these networks.


ETSI celebrates World Standards Day with ETSI Standards for a Better World

Sophia Antipolis, 14 October 2022

Today ETSI is joining the international standardization community in celebrating World Standards Day. This year’s edition focuses on a “shared vision for a better world”, where the UN Sustainable Development Goals (SDGs) are key enablers. Standards help to reach these goals.

At ETSI, we have decided to showcase six of our recently released ICT standards which help citizens to live in a better world, giving concrete examples of how people and the planet benefit from standards, and how they are aligned with the SDGs.


ETSI signs MoU with the French organization for railway standardization

Sophia Antipolis, 24 October 2022

ETSI and the Bureau de normalisation ferroviaire (BNF), the French organization for railway standardization, have just signed a Memorandum of Understanding to structure and strengthen their relationship.


ETSI TeraFlowSDN Winner of the Layer123 Network Transformation ‘Upstart of the Year’ Award

Sophia Antipolis, 7 December 2022

The ETSI TeraFlowSDN group (ETSI TFS), launched only six months ago, has won the ‘Upstart of the Year’ award at the Layer123 Network Transformation Awards ceremony, held at the Berkeley Hotel in Knightsbridge, London, last night. The award also recognizes ETSI's strategy of bringing new software development tools and practices to an evolving standardization ecosystem.


ETSI Future Railway Mobile Communication System interoperability testing event starting today

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.


FRMCS #4 Plugtests Event Validates 3GPP Standards for Future Railway Mobile Communication System

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC— International Union of Railways.


New York: Tanya Taylor - From McGill to Madison Avenue

Starts: Wed, 13 Nov 2024 20:00:00 -0500
11/13/2024 06:00:00PM
Location: New York, U. S. A.





McGill Society of Montreal Holiday Social

Starts: Mon, 25 Nov 2024 20:00:00 -0500
11/25/2024 05:30:00PM
Location: Montreal, Canada





MAA of Toronto Holiday Party

Starts: Tue, 26 Nov 2024 20:00:00 -0500
11/26/2024 06:00:00PM
Location: Toronto, Canada





MAA of Brome-Missisquoi Holiday Season Gathering

Starts: Sat, 30 Nov 2024 20:00:00 -0500
11/30/2024 05:00:00PM
Location: Lac-Brome (Knowlton), Canada





McGill Society of Hong Kong Year End Holiday Dinner

Starts: Tue, 03 Dec 2024 19:30:00 -0500
12/03/2024 07:30:00PM
Location: Happy Valley, Hong Kong (China)





Los Angeles Holiday Party - Smoked Meat & Poutine Brunch

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.





San Francisco Bay Area Holiday Party - Don't Miss the Fun!

Starts: Sun, 08 Dec 2024 18:30:00 -0500
12/08/2024 04:30:00PM
Location: San Mateo, U. S. A.





Vancouver Alumni Holiday Party

Starts: Tue, 10 Dec 2024 19:00:00 -0500
12/10/2024 05:00:00PM
Location: Vancouver, Canada





WLP Vancouver Holiday Social & Networking Event with Martha Piper!

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada





MAA Ottawa: Holiday Party

Starts: Wed, 11 Dec 2024 22:00:00 -0500
12/11/2024 06:00:00PM
Location: Ottawa, Canada





MAA New York: McGill Alumni Holiday Party

Starts: Thu, 12 Dec 2024 21:00:00 -0500
12/12/2024 07:00:00PM
Location: New York, U. S. A.





Calgary Holiday Party - Holiday Glamour at Lougheed House

Starts: Sat, 30 Nov 2024 19:00:00 -0500
Join us for a magical evening of holiday cheer at the McGill Alumni Association of Calgary's Holiday Soirée!

Immerse yourself in the historic ambiance of Lougheed House as we celebrate the season with festive decorations, delightful canapés, and a cash bar.

This is your chance to dress up, socialize, make new friends, and reconnect with old ones, all while enjoying a fun evening with our community.

Get ready to be enchanted by the spirit of the holidays!
Location: Calgary, Canada





CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

CVE              Description                                                    CVSSv3
CVE-2024-47575   FortiManager Missing authentication in fgfmsd Vulnerability   9.8

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy, as discussed in a comment thread on the r/fortinet subreddit.

According to results from Shodan, there are nearly 60,000 internet-facing FortiManager devices, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India.

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notification. Beaumont posted a warning to Mastodon on October 13.

Was this exploited as a zero-day?

Yes. According to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Google Mandiant also published a blog post on October 23 describing its joint investigation with Fortinet into the “mass exploitation” of this vulnerability, reporting that it has identified more than 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Affected Product          Affected Versions         Fixed Version
FortiManager 6.2          6.2.0 through 6.2.12      Upgrade to 6.2.13 or above
FortiManager 6.4          6.4.0 through 6.4.14      Upgrade to 6.4.15 or above
FortiManager 7.0          7.0.0 through 7.0.12      Upgrade to 7.0.13 or above
FortiManager 7.2          7.2.0 through 7.2.7       Upgrade to 7.2.8 or above
FortiManager 7.4          7.4.0 through 7.4.4       Upgrade to 7.4.5 or above
FortiManager 7.6          7.6.0                     Upgrade to 7.6.1 or above
FortiManager Cloud 6.4    6.4 all versions          Migrate to a fixed release
FortiManager Cloud 7.0    7.0.1 through 7.0.12      Upgrade to 7.0.13 or above
FortiManager Cloud 7.2    7.2.1 through 7.2.7       Upgrade to 7.2.8 or above
FortiManager Cloud 7.4    7.4.1 through 7.4.4       Upgrade to 7.4.5 or above
FortiManager Cloud 7.6    Not affected              Not applicable

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.
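The affected-version table above is the kind of thing that gets checked by eye once and then drifts out of date in an inventory spreadsheet. The script below, an added example that is not Fortinet's or Tenable's code, encodes the table as data and classifies each FortiManager or FortiManager Cloud build in a fleet as inside or outside an affected range, returning the fix the table prescribes. The inventory at the bottom is constructed sample data; hostnames and versions are not real hosts.

```python
"""Classify FortiManager / FortiManager Cloud builds against the
CVE-2024-47575 affected ranges from the advisory table (added example)."""
from typing import Optional

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn '7.4.3' (or 'v7.4.3') into a comparable (7, 4, 3) tuple."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


# One entry per table row: (first affected, last affected, fixed release).
# last=None means the whole minor branch is affected; fixed=None means the
# branch has no fixed build and the table says to migrate instead.
AFFECTED: dict[str, list[tuple[str, Optional[str], Optional[str]]]] = {
    "FortiManager": [
        ("6.2.0", "6.2.12", "6.2.13"),
        ("6.4.0", "6.4.14", "6.4.15"),
        ("7.0.0", "7.0.12", "7.0.13"),
        ("7.2.0", "7.2.7", "7.2.8"),
        ("7.4.0", "7.4.4", "7.4.5"),
        ("7.6.0", "7.6.0", "7.6.1"),
    ],
    "FortiManager Cloud": [
        ("6.4.0", None, None),
        ("7.0.1", "7.0.12", "7.0.13"),
        ("7.2.1", "7.2.7", "7.2.8"),
        ("7.4.1", "7.4.4", "7.4.5"),
    ],
}


def assess(product: str, version: str) -> dict:
    """Return {'vulnerable': bool, 'fixed_in': str | None, 'action': str}."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    for first, last, fixed in AFFECTED[product]:
        lo = parse_version(first)
        if last is None:
            hit = v[:2] == lo[:2]          # whole branch, e.g. Cloud 6.4.x
        else:
            hit = lo <= v <= parse_version(last)
        if hit:
            action = (f"upgrade to {fixed} or above" if fixed
                      else "migrate to a fixed release")
            return {"vulnerable": True, "fixed_in": fixed, "action": action}
    # Not in any listed range. Builds older than the table (e.g. 6.0.x) are
    # simply not listed, so for those treat a clean result as 'unknown',
    # not 'safe'.
    return {"vulnerable": False, "fixed_in": None,
            "action": "none: version is outside every affected range"}


def scan_inventory(inventory: list[tuple[str, str, str]]) -> list[dict]:
    """Assess a whole fleet; each entry is (hostname, product, version)."""
    results = []
    for host, product, version in inventory:
        result = assess(product, version)
        result["host"] = host
        results.append(result)
    return results


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("fmg-eu-1", "FortiManager", "7.4.3"),
        ("fmg-eu-2", "FortiManager", "7.4.5"),
        ("fmg-lab", "FortiManager", "7.6.0"),
        ("fmg-cloud-a", "FortiManager Cloud", "6.4.12"),
        ("fmg-cloud-b", "FortiManager Cloud", "7.6.0"),
    ]
    for r in scan_inventory(sample):
        state = "VULNERABLE" if r["vulnerable"] else "ok"
        print(f"{r['host']:<12} {state:<10} {r['action']}")
```

A clean version result is only half the check: FGFM listens on TCP/541, so the same inventory pass should confirm that port is not reachable from the internet and that the device list in FortiManager contains no FortiGates nobody recognises. On builds that have the setting, the advisory's "block unknown devices" workaround corresponds to enabling fgfm-deny-unknown under config system global; confirm the exact supported versions against the advisory rather than this note.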

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information


Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.





Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

  • Critical: 4
  • Important: 82
  • Moderate: 1
  • Low: 0

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Airlift.microsoft.com
  • Azure CycleCloud
  • Azure Database for PostgreSQL
  • LightGBM
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft Virtual Hard Drive
  • Microsoft Windows DNS
  • Role: Windows Hyper-V
  • SQL Server
  • TorchGeo
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows CSC Service
  • Windows DWM Core Library
  • Windows Defender Application Control (WDAC)
  • Windows Kerberos
  • Windows Kernel
  • Windows NT OS Kernel
  • Windows NTLM
  • Windows Package Library Manager
  • Windows Registry
  • Windows SMB
  • Windows SMBv3 Client/Server
  • Windows Secure Kernel Mode
  • Windows Task Scheduler
  • Windows Telephony Service
  • Windows USB Video Driver
  • Windows Update Stack
  • Windows VMSwitch
  • Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Important

CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability

CVE-2024-43451 is an NTLM hash disclosure spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would disclose the user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as that user. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

This is the second NTLM spoofing vulnerability disclosed in 2024. Microsoft patched CVE-2024-30081 in its July Patch Tuesday release.

Important

CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow the attacker to access resources that would otherwise be unavailable to them and to execute code, including remote procedure call (RPC) functions.

According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. It was disclosed to Microsoft by an anonymous researcher along with Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group. At the time this blog post was published, no further details about in-the-wild exploitation were available.

Important

CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability

CVE-2024-49019 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation would allow an attacker to gain administrator privileges. The advisory notes that “certificates created using a version 1 certificate template with Source of subject name set to ‘Supplied in the request’” are potentially impacted if the template has not been secured according to best practices. This vulnerability is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Microsoft’s advisory also includes several mitigation steps for securing certificate templates which we highly recommend reviewing.
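The advisory's precondition (a version 1 template with the subject name supplied in the request, not secured according to best practice) is checkable from the template objects in Active Directory. The script below is an added example, not Microsoft's or Tenable's code: it applies that precondition to template records and reports which of the advisory's hardening points are missing (broad Enroll rights, no CA certificate manager approval). The records are constructed to mirror the msPKI-* attributes of pkiCertificateTemplate objects, with values modelled on the built-in WebServer and User templates; the enroll and published keys are this example's own summary of the template ACL and of whether a CA publishes the template, and the LegacyVPN and OldWebServer entries are invented.

```python
"""Flag AD CS templates matching the CVE-2024-49019 precondition and list
the hardening gaps the advisory's mitigations would close (added example)."""

# msPKI-Certificate-Name-Flag bit: the requester supplies the subject name
# ("Supply in the request" in the template GUI).
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# msPKI-Enrollment-Flag bit: every request is held for CA manager approval.
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# Principals whose Enroll right makes a template broadly enrollable.
BROAD_PRINCIPALS = {"Authenticated Users", "Domain Users",
                    "Domain Computers", "Everyone"}


def unsigned32(value: int) -> int:
    """AD returns these flags as signed 32-bit ints (e.g. -1509949440);
    mask to unsigned so the bit tests below work."""
    return value & 0xFFFFFFFF


def matches_precondition(t: dict) -> bool:
    """True for a v1 template whose subject name is supplied in the request."""
    if t.get("msPKI-Template-Schema-Version") != 1:
        return False
    flags = unsigned32(t.get("msPKI-Certificate-Name-Flag", 0))
    return bool(flags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)


def missing_hardening(t: dict) -> list[str]:
    """For a template meeting the precondition, list mitigations that are
    NOT in place. An empty list means nothing is exploitable as configured."""
    if not matches_precondition(t):
        return []
    if not t.get("published", False):
        return []  # no CA issues from it, so nothing to request right now
    gaps = []
    broad = BROAD_PRINCIPALS & set(t.get("enroll", []))
    if broad:
        gaps.append("Enroll granted to broad group(s): " + ", ".join(sorted(broad)))
    if not unsigned32(t.get("msPKI-Enrollment-Flag", 0)) & CT_FLAG_PEND_ALL_REQUESTS:
        gaps.append("CA certificate manager approval not required")
    return gaps


def audit(templates: list[dict]) -> dict[str, list[str]]:
    """Map template name -> hardening gaps, for templates that have any."""
    return {t["name"]: gaps for t in templates
            if (gaps := missing_hardening(t))}


# Constructed sample records (see lead-in); not read from a real forest.
SAMPLE_TEMPLATES = [
    {"name": "WebServer", "msPKI-Template-Schema-Version": 1,
     "msPKI-Certificate-Name-Flag": 1, "msPKI-Enrollment-Flag": 0,
     "published": True, "enroll": ["Domain Admins", "Domain Users"]},
    {"name": "User", "msPKI-Template-Schema-Version": 1,
     "msPKI-Certificate-Name-Flag": -1509949440, "msPKI-Enrollment-Flag": 41,
     "published": True, "enroll": ["Domain Users"]},
    {"name": "LegacyVPN", "msPKI-Template-Schema-Version": 1,
     "msPKI-Certificate-Name-Flag": 1, "msPKI-Enrollment-Flag": 2,
     "published": True, "enroll": ["Domain Admins"]},
    {"name": "OldWebServer", "msPKI-Template-Schema-Version": 1,
     "msPKI-Certificate-Name-Flag": 1, "msPKI-Enrollment-Flag": 0,
     "published": False, "enroll": ["Authenticated Users"]},
]

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_TEMPLATES).items():
        print(name)
        for gap in gaps:
            print("  -", gap)
```

To feed real data in, read the template objects under CN=Certificate Templates,CN=Public Key Services,CN=Services in the configuration naming context (for example with Get-ADObject and the msPKI-Certificate-Name-Flag, msPKI-Template-Schema-Version and msPKI-Enrollment-Flag properties), take the published set from each CA's certificateTemplates attribute, and derive the enroll list from the Enroll extended right in each template's security descriptor. In the sample, only WebServer is reported: User never meets the precondition, LegacyVPN requires manager approval and is enrollable only by Domain Admins, and OldWebServer is not published.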

Important

CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability

CVE-2024-49040 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019. It was assigned a CVSSv3 score of 7.5 and rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to a patch being made available. After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.

Critical

CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability

CVE-2024-43639 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.8 and is rated as “Exploitation Less Likely.”

To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability in order to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.

Important

29 CVEs | SQL Server Native Client Remote Code Execution Vulnerability

This month's release includes 29 RCE CVEs affecting SQL Server Native Client. All received a CVSSv3 score of 8.8 and were rated “Exploitation Less Likely.” Exploitation requires convincing an authenticated user to connect to a malicious SQL Server database using an affected driver. The full list of CVEs is in the table below.

CVE              Description                                                    CVSSv3
CVE-2024-38255   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-43459   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-43462   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48993   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48994   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48995   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48996   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48997   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48998   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-48999   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49000   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49001   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49002   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49003   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49004   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49005   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49006   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49007   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49008   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49009   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49010   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49011   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49012   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49013   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49014   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49015   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49016   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49017   SQL Server Native Client Remote Code Execution Vulnerability   8.8
CVE-2024-49018   SQL Server Native Client Remote Code Execution Vulnerability   8.8

Important

CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability

CVE-2024-43602 is an RCE vulnerability in Microsoft’s Azure CycleCloud, a tool for managing and orchestrating High Performance Computing (HPC) environments in Azure. This flaw received the highest CVSSv3 score of the month, 9.9, and was rated as important. A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would give the user root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud deployment and to steal admin credentials.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.






SpotOn London 2013 Storify: Science games: does play work?

Here is a Storify collecting the online conversations from the Science games: does play work? session at





Attack on Titan. 4, Humanity pushes back! / Hajime Isayama ; [translator, Sheldon Drzka ; lettering, Steve Wands].

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.





Firefly. Blue Sun rising. Part 1 / created by Joss Whedon ; written by Greg Pak ; illustrated by Dan McDaid, Lalit Kumar Sharma, Daniel Bayliss ; colored by Marcelo Costa ; lettered by Jim Campbell.

"Sheriff Mal Reynolds has a new partner— a law enforcing robot from the Blue Sun corporation, who doesn't care about motives, about mercy, about anything other than enforcing the law— no matter the cost. The Blue Sun Corporation has helped to run the universe from the shadows for years, but they're ready to step into the light and take over. If Mal wants to keep his job and protect his sector, the smart move would be to play by their rulebook. But for Mal, there's really one choice— reunite the crew of the Serenity for one last impossible job to save the 'verse. Greg Pak and artist Dan McDaid launch Mal & the crew of Serenity into their biggest war yet, officially continuing Joss Whedon's acclaimed series." -- Provided by publisher.





You look like death : tales from the Umbrella Academy / story, Gerard Way and Shaun Simon ; art & colors, I.N.J. Culbard ; letters, Nate Piekos of Blambot ; cover and chapter breaks by Gabriel Bá.

"When 18-year-old Klaus gets himself kicked out of the Umbrella Academy and his allowance discontinued, he heads to a place where his ghoulish talents will be appreciated— Hollywood. But after a magical high on a stash stolen from a vampire drug lord, Klaus needs help, and doesn't have his siblings there to save him." -- Provided by publisher.





Firefly. Blue Sun rising. Part 2 / created by Joss Whedon ; written by Greg Pak ; illustrated by Dan McDaid, Lalit Kumar Sharma, Daniel Bayliss ; inks by Vincenzo Federici ; colored by Marcelo Costa ; lettered by Jim Campbell.

"The stage is set for the final battle as the first ever Firefly event concludes, with Sheriff Mal Reynolds— yeah, he's still getting used to it too— making a choice that may cost him those he loves most, whether he knows it or not … Shocking losses lead to stunning decisions as Mal and the crew of Serenity must face the consequences of their choices in war against the Blue Sun Corporation. The 'Verse is changing in ways no one ever expected— and a new chapter of Firefly begins here." -- Provided by publisher.





Fat Tuesday / Sandra Brown.

A police officer is furious that his partner's murderer was acquitted. In a desperate act of revenge, he kidnaps the defense attorney's wife. Who will find redemption in this story of corruption and passion?





A good day to buy / Sherry Harris.

"When Sarah Winston's estranged brother Luke shows up on her doorstep, asking her not to tell anyone he's in town--especially her ex, the chief of police--the timing is strange, to say the least. Hours earlier, Sarah's latest garage sale was taped off as a crime scene following the discovery of a murdered Vietnam vet and his gravely injured wife--her clients, the Spencers. But is he a killer? All Luke will tell Sarah is that he's undercover, investigating a story. Before she can learn more, he vanishes as suddenly as he appeared. Rummaging through his things for a clue to his whereabouts, Sarah comes upon a list of veterans and realizes that to find her brother, she'll have to figure out who killed Mr. Spencer. And all without telling her ex..."--Back cover.





Demon slayer = Kimetsu no yaiba. Volume 5, To hell / story and art by Koyoharu Gotouge ; translation, John Werry ; English adaptation, Stan! ; touch-up art & lettering, John Hunt.

"At Mt. Natagumo, Tanjiro, Zenitsu and Inosuke battle a terrible family of spider demons. Taking on such powerful enemies demands all the skill and luck Tanjiro has as he and his companions fight to rescue Nezuko from the spiders' web. The battle is drawing in other Demon Slayers but not all of them will leave Mt. Natagumo alive—or in one piece!" -- Page [4] of cover.




Demon slayer = Kimetsu no yaiba. Volume 20, The path of opening a steadfast heart / story and art by Koyoharu Gotouge ; translation, John Werry ; English adaptation, Stan! ; touch-up art & lettering, John Hunt.

"In Taisho-era Japan, kindhearted Tanjiro Kamado makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … After their initial confrontation with Kokushibo, the most powerful of Muzan's demons, Tokito is severely wounded and Genya has been cut in half—but is still alive! Can his regenerative power heal even this fatal wound? Then the Hashira Himejima and Sanemi square off against Kokushibo and unleash all the skill they have against him. Himejima is blind, but if he can see into the Transparent World, he might have a chance. Who will survive this whirlwind of flashing blades?" -- Provided by publisher.




Demon slayer = Kimetsu no yaiba. Volume 22, The wheel of fate / story and art by Koyoharu Gotouge ; translation, John Werry ; English adaptation, Stan! ; touch-up art & lettering, John Hunt.

"After centuries of preparation and training, the Demon Slayer Corps has come face-to-face with their nemesis, Muzan Kibutsuji. It is a desperate battle and several Demon Slayers have already been killed. Tanjiro himself has engaged Muzan, and, despite giving it everything he has, is taken out of the fight! Although severely injured and near death, he sees a vision of his ancestor that may hold the key to finally destroying Muzan! Can Tanjiro recover enough strength to fight Muzan to the finish?" -- Provided by publisher.




Demon slayer = Kimetsu no yaiba. 15, Daybreak and first light / story and art by Koyoharu Gotouge ; translation, John Werry ; English adaptation, Stan! ; touch-up art & lettering, Evan Waldinger.

"In Taisho-era Japan, Tanjiro Kamado is a kindhearted boy who makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … Tanjiro finally chases down the main body of the upper-rank demon Hantengu. However, dawn is approaching, and the rising sun is a threat to Nezuko. Tanjiro's concern for his sister is a distraction from the focus he needs to fight Hantengu, and if he hesitates it could be the last mistake he ever makes! Elsewhere, Tamayo ponders the nature of Nezuko's curse and how she could be so different from other demons." -- Provided by publisher.




Future state. The next Batman / writers, John Ridley, Vita Ayala, Andrew Constant [and 4 others] ; pencillers, Laura Braga, Aneke, Nick Derington [and 5 others] ; inkers, Laura Braga, Aneke, Nick Derington [and 6 others] ; colorists, Arif Prianto, Jordie

"Giant, sprawling future Gotham City is under martial law, protected and regulated by a private security force led by the infamous Peacekeepers. Their mandate is to maintain the safety of the citizens of Gotham, regardless of any Constitutional rights, and to hunt down, incarcerate, or kill all masked vigilantes, villains, and criminals in the city limits. It's a dangerous and violent look at a possible future Gotham City and the heroes and villains who live there!" -- Provided by publisher.




Orange. 6, Future / story and art by Ichigo Takano ; translation, Amber Tamosaitis ; adaptation, Shannon Fay ; lettering, Lys Blakeslee.

"The long-awaited sequel to the Eisner-nominated Orange! Experience the world of Orange from a whole new perspective, as the fate of the present and future timelines unfolds from the point of view of the ever-cheerful third wheel, Suwa Hiroto. Reuniting years later in college, Suwa and Naho's lives have been forever scarred by their experiences in high school. They say time heals all wounds, but sometimes, time is not enough." -- Provided by publisher.




My little pony. 14, Shadowplay / story by Josh Haber ; adaptation by Justin Eisinger ; lettering and design by Nathan Widick.

"When Sunburst discovers the lost journal of Star Swirl the Bearded, he shares it with Twilight Sparkle. Together, they find out how the sorcerer and several other of Equestria's heroes, known as the Pillars of Old Equestria, sacrificed themselves to defeat the evil Pony of Shadows. After researching more about the heroes' disappearance, Twilight believes that the Pillars are still alive and trapped in limbo and becomes obsessed with trying to free them, but it might not be such a good idea!" -- Provided by publisher.




The way of the hive : a honey bee's story / Jay Hosler.

"Nyuki is a brand-new honey bee, and she has a lot of questions. Follow her on a lifelong journey as she annoys her sisters, avoids predators, and learns to trust her inner voice as she masters the way of the hive. Includes a section at the end of the book called 'Odds & Ends' with facts and information about bees." -- Provided by publisher.




Moana : the story of the movie in comics / manuscript adaptation, Alesandro Ferrari ; layouts, Alberto Zanon, Giada Perissinotto ; pencil/inking, Veronica Di Lorenzo, Luca Bertelè ; colors, Massimo Rocca [and four others].

"Sail the Pacific Islands in search of destiny and the demigod Maui in this retelling of Disney Moana. Moana is a spirited teenager who loves the ocean, yet she is forbidden to travel beyond the reef that surrounds her island home of Motunui. But she feels called to something more, and wants to discover who she was meant to be. When darkness begins to consume the island, and nature is out of balance, Moana knows the solution lies beyond the safety of the reef. Following the messages of her ancestors, and with encouragement from the ocean itself, Moana sails into the open sea to find the demigod Maui and right a wrong from his past. Together they face rough waters, monstrous creatures, and the unknown, in a mission to stop the darkness from spreading, and restore life to the islands! Become a master wayfinder in this action-packed story as Moana's love for the sea turns her into a hero among her people, the gods, and the ocean." -- Provided by publisher.