World Standards Day 2020: STANDARDS ARE ESSENTIAL TO PROTECT THE PLANET

On 14 October 2020, CEN, CENELEC and ETSI, the three official European Standardization Organizations, join the international standardization community in celebrating World Standards Day. By focusing on the environment, this year’s edition aims to raise awareness on the potential of standards to help tackle the climate crisis.

Read More...

ETSI celebrates International Women’s Day

Sophia Antipolis, 8 March 2022

Diversity, equity, and inclusiveness are key pillars of the ETSI community. ETSI is committed to help raise awareness of the value of gender diversity and we wanted to highlight the people behind our standards: #TheStandardsPeople.

To start this campaign and to mark International Women’s Day, we dedicate the month of March to showcase our female contributors.

Read More...

ETSI celebrates World Standards Day with ETSI Standards for a Better World

Sophia Antipolis, 14 October 2022

Today ETSI is joining the international standardization community in celebrating World Standards Day. This year’s edition focuses on a “shared vision for a better world”, where the UN Sustainable Development Goals (SDGs) are key enablers. Standards help to reach these goals.

At ETSI, we have decided to showcase six of our recently released ICT standards which help citizens to live in a better world, giving concrete examples of how people and the planet benefit from standards, and how they are aligned with the SDGs.

Read More...

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.

Read More...

Starts: Mon, 25 Nov 2024 20:00:00 -0500
11/25/2024 05:30:00PM
Location: Montreal, Canada

Starts: Tue, 26 Nov 2024 20:00:00 -0500
11/26/2024 06:00:00PM
Location: Toronto, Canada

Starts: Sat, 30 Nov 2024 20:00:00 -0500
11/30/2024 05:00:00PM
Location: Lac-Brome (Knowlton), Canada

Starts: Tue, 03 Dec 2024 19:30:00 -0500
12/03/2024 07:30:00PM
Location: Happy Valley, Hong Kong (china)

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.

Starts: Sun, 08 Dec 2024 18:30:00 -0500
12/08/2024 04:30:00PM
Location: San Mateo, U. S. A.

Starts: Tue, 10 Dec 2024 19:00:00 -0500
12/10/2024 05:00:00PM
Location: Vancouver, Canada

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada

Starts: Wed, 11 Dec 2024 22:00:00 -0500
12/11/2024 06:00:00PM
Location: Ottawa, Canada

Starts: Thu, 12 Dec 2024 21:00:00 -0500
12/12/2024 07:00:00PM
Location: New York, U. S. A.

Starts: Sat, 30 Nov 2024 19:00:00 -0500
<div>Join us for a magical evening of holiday cheer at the <b>McGill Alumni Association of Calgary</b>'s <b>Holiday Soirée</b>!</div><div><br /></div><div>Immerse yourself in the historic ambiance of Lougheed House as we celebrate the season with festive decorations, delightful canapés, and a cash bar.&nbsp;</div><div><br /></div><div>This is your chance to dress up, socialize, make new friends, and reconnect with old ones-all while enjoying a fun evening with our community. <br /><br /></div><div><i>Get ready to be enchanted by the spirit of the holidays! <br /></i></div>
Location: Calgary, Canada

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

1. 4Critical
2. 82Important
3. 1Moderate
4. 0Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

• .NET and Visual Studio
• Airlift.microsoft.com
• Azure CycleCloud
• Azure Database for PostgreSQL
• LightGBM
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft PC Manager
• Microsoft Virtual Hard Drive
• Microsoft Windows DNS
• Role: Windows Hyper-V
• SQL Server
• TorchGeo
• Visual Studio
• Visual Studio Code
• Windows Active Directory Certificate Services
• Windows CSC Service
• Windows DWM Core Library
• Windows Defender Application Control (WDAC)
• Windows Kerberos
• Windows Kernel
• Windows NT OS Kernel
• Windows NTLM
• Windows Package Library Manager
• Windows Registry
• Windows SMB
• Windows SMBv3 Client/Server
• Windows Secure Kernel Mode
• Windows Task Scheduler
• Windows Telephony Service
• Windows USB Video Driver
• Windows Update Stack
• Windows VMSwitch
• Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

• Microsoft's November 2024 Security Updates
• Tenable plugins for Microsoft November 2024 Patch Tuesday Security Updates

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

A police officer is furious that his partner's murderer was acquitted. In a desperate act of revenge, he kidnaps the defense attorney's wife. Who will find redemption in this story of corruption and passion?

"When Sarah Winston's estranged brother Luke shows up on her doorstep, asking her not to tell anyone he's in town--especially her ex, the chief of police--the timing is strange, to say the least. Hours earlier, Sarah's latest garage sale was taped off as a crime scene following the discovery of a murdered Vietnam vet and his gravely injured wife--her clients, the Spencers. But is he a killer? All Luke will tell Sarah is that he's undercover, investigating a story. Before she can learn more, he vanishes as suddenly as he appeared. Rummaging through his things for a clue to his whereabouts, Sarah comes upon a list of veterans and realizes that to find her brother, she'll have to figure out who killed Mr. Spencer. And all without telling her ex..."--Back cover.

"In Taisho-era Japan, Tanjiro Kamado is a kindhearted boy who makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … Tanjiro finally chases down the main body of the upper-rank demon Hantengu. However, dawn is approaching, and the rising sun is a threat to Nezuko. Tanjiro's concern for his sister is a distraction from the focus he needs to fight Hantengu, and if he hesitates it could be the last mistake he ever makes! Elsewhere, Tamayo ponders the nature of Nezuko's curse and how she could be so different from other demons." -- Provided by publisher

When: Monday, December 10, 2018 - 5:30 PM - 7:30 PM
Where: Xenia Library at Meeting Room, 1st Floor

Make six gift tags, three of your own design, with lots of layers, specialty papers, glitter, and embellishments.

World Food Day 2024: The critical role of healthy diets for realizing the right to food

IFPRI's 2024 Global Food Policy Report on a key paradigm shift.

The post World Food Day 2024: The critical role of healthy diets for realizing the right to food appeared first on IFPRI.

World Cities Day 2024: Building more inclusive, sustainable, and resilient urban food systems

IFPRI researchers on urbanization.

The post World Cities Day 2024: Building more inclusive, sustainable, and resilient urban food systems appeared first on IFPRI.

Event Begins: Wednesday, November 13, 2024 5:00pm
Location: Literature Science and Arts Building
Organized By: Maize Pages Student Organizations

Come Join us every Wednesday evening from 5-10pm at the Literature Science and Arts Building in the Transfer Student Center for a group study session. The space is dedicated during these hours for student veterans so feel free to drop in anytime during these hours. 

Event Begins: Wednesday, November 13, 2024 2:30pm
Location: Lorch Hall
Organized By: Department of Economics

--

Event Begins: Wednesday, November 13, 2024 2:00pm
Location: International House Ann Arbor (921 Church Street)
Organized By: Sessions @ Michigan

Event Begins: Wednesday, November 13, 2024 1:30pm
Location: Off Campus Location
Organized By: Institute for Social Research

Are you grappling with a piece of code, trying to compute on a cluster, or just getting started with a new method such as machine learning? Then we might have just the right space for you.

All members of the U-M community are invited to join our weekly virtual CoderSpaces to get research support and connect with others.

Tuesdays, 9:30-11 a.m. ET, via Zoom
Wednesdays, 1:30-3 p.m. ET, via Zoom

Event Begins: Wednesday, November 13, 2024 1:00pm
Location:
Organized By: University Career Center

Interested in gaining a first hand account of a career in aerospace engineering? Join Handshake and Pratt &amp; Whitney Production Test Engineer, Anthony Bartolotta, for answers to questions on topics like:
An average day in the life of an aerospace engineer 
Important hard and soft skills for aspiring engineers to know
Tips for launching a career in engineering
Sign up for free today! 

Event Begins: Wednesday, November 13, 2024 12:00pm
Location: Michigan Union
Organized By: Sexual Assault Prevention and Awareness Center (SAPAC)

We are excited to share that SAPAC will be hosting an additional Wellness Wednesday space! Many in our community have expressed a desire and need for more community connection and space to focus on wellness, so we are adding a session to our usual Wellness Wednesday schedule! 

Wellness Wednesdays is an informal drop-in series for self-care practices including coloring, journaling, crafting, reading, gentle music and socializing. This is also a great way to study in a supportive space. Snacks, hot cocoa, and tea provided!

SAPAC team members will be present. This is not a support group or a clinical group setting, but we are here to hold space, and provide connections to supportive resources if you have questions!

If you can't make it tomorrow, we encourage you to join us for the next scheduled session on November 20th! 

Location: SAPAC Shared Space - Rm 4100 (4th Floor Michigan Union)
When: Wednesday November 13th. 12-2pm

Event Begins: Wednesday, November 13, 2024 9:00am
Location: Alumni Center
Organized By: Alumni Association

The Alumni Association of the University of Michigan hosts Welcome Wednesdays for U-M students most Wednesday mornings throughout the fall and winter semesters. Start your day with free coffee, tea, hot chocolate, and a breakfast snack thanks to Alumni Association members.

Students can stop by the Alumni Center from 9 a.m. to noon for during the dates listed and make sure to bring your Mcard!

In Dakar, during the American holiday months and a global pandemic, every aspect of my life has shifted.

Targeting interventions to benefit public health.