questions

To Improve Measurement of Changing Nature of Employment, Bureau of Labor Statistics Should Add Questions, Make Other Changes to Workforce Survey

To better measure the changing nature of employment, independent contracting and freelance work, and jobs with unstable hours, a new report from the National Academies of Sciences, Engineering, and Medicine recommends that the U.S. Department of Labor’s Bureau of Labor Statistics (BLS) add questions to the Contingent Worker Supplement (CWS) about work done by people who may not be steadily employed, details about secondary jobs, and work scheduling practices.




questions

New Research Models Offer Promise for Understanding the Human Brain and Finding Pathways to Therapies, But Also Raise Profound Ethical Questions

New models for studying the human brain — human neural organoids, transplants, and chimeras — show promise for advancing understanding of the brain and laying the groundwork for new therapeutic approaches to brain diseases that have so far proved hard to treat, says a new report from the National Academies of Sciences, Engineering, and Medicine.




questions

NIH Should Standardize Questions Used to Collect Sex, Gender, and Sexual Orientation Data in Studies and Surveys, Says New Report

The National Institutes of Health should adopt new practices and standardized language to collect data about sex, gender identity, and sexual orientation from survey respondents or research participants. Better measurements will improve data quality, as well as NIH’s ability to identify and understand LGBTQI+ populations.




questions

Questions plumbing business owners should be asking themselves

Here are 46 business proverbs or truths that apply to the plumbing profession, presented in no particular order. Accompanying each is a question every plumbing company owner should ask about his company.




questions

Asking questions leads to improved worker performance

We had just witnessed a large toolbox talk at a mining construction site in Africa. It wasn’t a bad session; the safety officers were loud and lively in their statements, there was some humor and even the safety manager from the general contractor stepped in to say a couple words.




questions

Frequently asked questions about vehicle maintenance

Because vehicle maintenance is essentially the mechanical equivalent of keeping up with your regular physicals and other necessary doctor’s appointments, it’s time for a bit of a checkup.




questions

Solveit.Earth's History-Making Founder, Unveils His Most Unusual and Secretive Project: An Experiment to Face Our Humanity, and Uncover the Keys to Answering Our Greatest Questions

Looking through the mind of an unconventional genius, the user delves into the fascinating hidden worlds of numbers, connective logic, belief, and possibility




questions

Connect! Radio Welcomes Special Guest Seth Arsenault to Answer Listener Questions About Preparing for a Job Search

On-Air Sales Coach and Program Host Deb Calvert announces January 5 radio show will feature President of Your Hire Source. Listeners are invited to write in ahead or to call in live with questions about getting prepared for next level jobs.




questions

Are You Asking the Right Questions?

Few leaders have been trained to ask great questions. That might explain why they tend to be good at certain kinds of questions, and less effective at other kinds. Unfortunately, that hurts their ability to pursue strategic priorities. Arnaud Chevallier, strategy professor at IMD Business School, explains how leaders can break out of that rut and systematically ask five kinds of questions: investigative, speculative, productive, interpretive, and subjective. He shares real-life examples of how asking the right sort of question at a key time can unlock value and propel your organization. With his IMD colleagues Frédéric Dalsace and Jean-Louis Barsoux, Chevallier wrote the HBR article "The Art of Asking Smarter Questions."




questions

High Court Questions Viability of Defense Based on Worker's Failure to Disclose Prior Injury

The South Carolina Supreme Court upheld a finding that a worker was entitled to benefits for a back injury, but it questioned the continued viability of its case law allowing…




questions

How to tackle big goals by narrowing your focus with two simple questions

I made some poor decisions in my 20s. Or rather, a series of poor decisions that seemed to stack and compound. I took on tens of thousands of dollars of credit card, student loan, and tax debt. I gained 70 pounds since graduating high school, because I ate way too much fast food and pretty …

The post How to tackle big goals by narrowing your focus with two simple questions appeared first on Nathan Rice.




questions

Are You Buying a Lawsuit with ‘Big Data’? HR Must Ask the Right Questions

During a presentation at the 2017 SHRM Employment Law and Legislative Conference, Marko Mrkonich, Zev Eigen and Corinn Jackson discussed the risks employers face when using data analytics.

HR Daily Advisor





questions

4 Questions The Justices' Bias Ruling Leaves To Lower Courts

Alyesha Asghar discusses the potential impact for employers after the Supreme Court’s decision regarding Title VII in Muldrow v. St Louis.

Law360 Employment Authority





questions

Five Key Questions to Formulate a Top-Down Strategy for APAC Layoffs

Isha Malhotra, Trent Sutton and Nancy Zhang offer guidelines for in-house counsel when advising a business on a restructure in APAC.

ACC Docket





questions

4 W&H Questions As We Enter Pandemic's 4th Year

Claire Deason weighs in on whether employers are obligated to pay for remote employees' commutes into work, business expenses and paid sick time.

Law360 Employment Authority





questions

Untangling the Oregon Leave Quagmire – Answers to Common Compliance Questions in Light of Recent Legislative Changes

If you have employees working in Oregon, chances are you have heard about Oregon’s Paid Family and Medical Leave Insurance Program also known as Paid Leave Oregon (“PLO”). In addition to PLO, eligible Oregon employees may be entitled to leave under the Oregon Family Medical Leave Act (“OFLA”), Oregon Sick Time law (“OSTL”), and the federal Family Medical Leave Act (“FMLA”).




questions

Your Burning Employment Law Questions Answered




questions

Emergency Act Leaves Many Unanswered Questions

Law360.com

In this attorney-authored article, Steven Friedman of Littler's New York office and Ellen Sueda of Littler's San Francisco office discuss the ambiguities in the Emergency Economic Stabilization Act of 2008 and the changes that financial institutions must make to their current compensation practices in light of the current legislative language.




questions

OFCCP’s First Webinar on its New Contractor Portal Leaves Most Questions Unanswered

On February 1, 2022, the Office of Federal Contract Compliance Programs (OFCCP) presented a webinar on its new contractor portal through which covered contractors are being asked to certify whether they are meeting their requirement to develop and maintain annual affirmative action programs.




questions

OFCCP Revises Compensation Analysis Directive But Leaves Questions About Documentation Created Under Attorney-Client Privilege

On August 18, 2022, the Office of Federal Contract Compliance Programs (OFCCP) issued a revised version of its Directive 2022-01 - Advancing Pay Equity Through Compensation Analysis, which was originally issued on March 15, 2022.




questions

Questions surround proposed FAMLI rules as program preps for January launch

David Gartenberg said he is worried about the fact that the rule leaves the FAMLI benefits out of alignment with unpaid Family and Medical Leave benefits allowed under federal law. 

The Sum & Substance





questions

The New Telework Regime in Portugal: 50 Questions & Answers

Portugal recently approved significant changes to the country’s telework regime.




questions

4 Questions On Discrimination Attys' Minds In The New Year

Alyesha Dotson says the Supreme Court’s upcoming decision on whether to overrule a 2003 decision that upheld affirmative action in student admissions won’t set new precedent for employers, but may have repercussions in how diversity, equity and inclusion programming is conducted moving forward.

Law360 Employment Authority





questions

Love Your Lawyer: Littler Lawyers Answer Your Most Burning Labor and Employment Questions




questions

5 Questions About NY's Workplace Violence Prevention Law

Rebecca Goldstein and Terri Solomon comment on New York's Retail Worker Safety Act, which requires retail employers to adopt a violence prevention policy.

Law360 Employment Authority





questions

CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8 |

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:


According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, it has discovered more than 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

| Affected Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.





questions

Dear Libby: Will you answer my questions about friendship?

How do we find lasting, trusting, and fulfilling friendships? Is it by being popular? Dazzling others with your genius? Looking for that ultimate BFF? Hiding all your imperfections and trying hard to fit in? Deep and enduring friendships are essential to our psychological and physical well-being. Unfortunately, between bullying, social anxiety, peer pressure, and other issues, many teens feel isolated. In Dear Libby, trusted columnist Libby Kiszner offers a breakthrough approach to friendship and connection. You can create friendships from the inside out, rather than from the outside in. You can experience friendships with vibrant self-expression in every stage of life, making Dear Libby a book that can be read and reread at any age. Containing seven core principles, this life-changing resource not only explains the dynamics of connections and friendships but also gives practical tools to develop them. Integrating contemporary issues, timeless insight, real-life skills, and unique perspectives, Dear Libby provides a hands-on guide for dealing with everyday friendship struggles faced by teens today. Teens and readers of all ages will gain insight and understanding on how to make profound, joyful relationships possible. Find answers to real questions like: What should I do when people who are supposed to be my friends call me names or embarrass me? What should I do if I'm being ignored at school? What is the best way to handle loneliness? Someone just stole my friend. What can I do? What can I do when my friends get together and "forget" to invite me?




questions

Your banking questions, answered

It's been a month since the collapse of Silicon Valley Bank touched off the worst episode of banking turmoil since 2008. While the financial system appears to have stabilized, we're still reckoning with what happened. Regulators are getting dragged before Congress. The Federal Reserve and the FDIC have promised reports on what went wrong with bank oversight. And judging by our inbox, you, our listeners, have a lot of lingering questions.

Questions like: Was it a bailout? Where were the regulators? Is it over yet? And what about those other banks that were teetering on the edge?

Today on the show, some answers for you.

This episode was produced by Sam Yellowhorse Kesler with help from Willa Rubin. It was engineered by Brian Jarboe. It was fact-checked by Sierra Juarez and edited by Molly Messick. Jess Jiang is our acting executive producer.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in
Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy




questions

A trucker hat mystery, the curse of September and other listener questions

Ba-dee-yah! Say do you remember? Ba-dee-yah! Questions in September!

That's right - it's time for Listener Questions!

Every so often, we like to hear from listeners about what's on their minds, and we try to get to the bottom of their economic mysteries. On today's show, we have questions like:

Why is September historically the worst month for the stock market?
How did the Bass Pro Shops hat get so popular in Ecuador?
Are casinos banks?
What is the Federal Reserve's new plan to make bank transfers faster?

Today's show was hosted by Sarah Gonzalez and produced by James Sneed. The audio engineer for this episode was Josephine Nyounai. It was fact checked by Sierra Juarez and edited by Dave Blanchard. Alex Goldmark is our executive producer.





questions

Before Using Internal Competition to Improve Employee Engagement, You Need to Answer These Questions

A little healthy competition is a good thing — under the right circumstances and with the right people. In many industries, internal competition has long been used to increase everything from productivity to profits. But what about using competition as part of your employee engagement strategy? Does pitting individual workers against each other really increase engagement across the board? While there are




questions

Security and the Smart Thermostat: Prepare for Customer Questions

The path to temperature control through smart thermostat technology is more involved than many customers realize.




questions

Questions about IPS-Policy

Posted by Bestell_E-Mail via Snort-sigs on Oct 22

Hello.

First of all, please excuse me if this question is asked a lot.

I am a beginner and currently using the IPS Policy with the Business License.

I am not sure if Personal or Business License is right for me. Are the IPS policies different in any way for these two
licenses?

Best regards

Waldemar Sager




questions

Donald Trump's win: YOUR questions answered

Donald Trump has won the 2024 US election and will be president for a second time from early next year. Lots of you had questions and we asked a BBC expert to answer them.





questions

Australian Rhyming Slang 2 (10 questions)

Title: Australian Rhyming Slang 2
Topic: Cockney Rhyming Slang
Level: Advanced
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/570.html




questions

Which or Where? (10 questions)

Title: Which or Where?
Topic: Relative Clauses and Pronouns
Level: Intermediate
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/571.html








questions

Idioms- Furniture and Household Fittings (10 questions)

Title: Idioms- Furniture and Household Fittings
Topic: Idioms
Level: Advanced
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/576.html







questions

Phrasal Verbs- Finish (10 questions)

Title: Phrasal Verbs- Finish
Topic: Phrasal Verbs
Level: Intermediate
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/580.html




questions

Phrasal Verbs - Take 2 (10 questions)

Title: Phrasal Verbs - Take 2
Topic: Phrasal Verbs
Level: Intermediate
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/581.html




questions

Phrasal Verbs - Back (10 questions)

Title: Phrasal Verbs - Back
Topic: Phrasal Verbs
Level: Intermediate
Information: Choose the correct answer.
Link: https://www.usingenglish.com/quizzes/582.html