ask

The Creative Pause: Why We Need to Stop Asking “What’s Next?”

Learn why a "creative pause" after major achievements is essential for growth. Simone Biles shows us how to embrace rest and reflection over constant pressure.

The post The Creative Pause: Why We Need to Stop Asking “What’s Next?” first appeared on Chase Jarvis.






ask

Fishing for Kings in Alaska

This summer, we were finally able to travel back to the Kanektok River in Alaska. Located about 90 minutes by charter flight from Anchorage, the Kanektok is a truly unique and remote destination. The dirt air strip we landed on is part of the first native village of Quinhagak, and the only way to reach…




ask

Varied Tasks Better than Repetition for Old Age Cognition

Engaging in multiple types of memory training exercises, as opposed to repetitive tasks, helps older adults improve their working memory.







  • Health & Medicine

ask

Smart mask to detect health problems

A team of researchers at the California Institute of Technology have released a prototype for a new type of advanced, smart mask that could be used to dete



  • Clinical & Molecular DX

ask

Are You Buying a Lawsuit with ‘Big Data’? HR Must Ask the Right Questions

During a presentation at the 2017 SHRM Employment Law and Legislative Conference, Marko Mrkonich, Zev Eigen and Corinn Jackson discussed the risks employers face when using data analytics.

HR Daily Advisor





ask

Pro Bono Week Podcast – Adoption in Alaska

Renea Saade and Breanne Martell talk about an Alaska adoption case with a great outcome.

Littler attorneys provide pro bono services in a variety of areas, depending on the interests of individual attorneys. The firm values and encourages the community-minded and pro bono efforts of our lawyers and staff.
  





ask

The Safer Federal Workforce Task Force Publishes Additional Federal Contractor and Subcontractor Guidance

On September 9, 2021, President Biden signed Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors (“Order”), which directed the executive agencies to begin amending federal contracts to require federal contractors to take specific actions to combat COVID-19 and to, in turn, require covered subcontractors to take the same actions (the federal contractor COVID-19 workplace




ask

Ontario, Canada Human Rights Tribunal Determines Volunteer Asked to Remove Rainbow Sticker Did Not Experience Discrimination

  • HRTO dismissed a volunteer’s claim that he experienced discrimination because of his sexual orientation, gender identity and gender expression when he was asked to remove 2SLGBTQ2 symbol from his name badge, because the organization’s Dress Code applied to all volunteers and to any and all alterations to name badges. 




ask

NLRB Regional Director Says Dartmouth Men’s Basketball Players Are Employees, Can Vote in Union Election

On February 5, 2024, the NLRB’s Regional Director for Region 1, Laura Sacks, issued a written decision finding that Dartmouth’s men’s basketball players are employees under the National Labor Relations Act. Based on their status as employees, Regional Director Sacks found, Dartmouth’s men’s basketball players are eligible to vote in a union election petitioned for by Local 560 of the Service Employees International Union, a labor union that already represents several other more traditional employee groups at Dartmouth.




ask

Dartmouth basketball vote shows unionization ‘can happen anywhere,’ attorney says

Tyler Sims discusses the potential wage-and-hour implications of Dartmouth College’s men’s basketball team voting to form what may become the NCAA’s first-ever athlete labor union.

HR Dive





ask

Nebraskans Appear to Have Overwhelmingly Approved Paid Sick Time Ballot Measure

  • New statewide paid sick time law would take effect on October 1, 2025.
  • Law would allow employers to limit annual accrual and use to either 40 or 56 hours, but is silent on carryover caps.
  • Notice obligations would begin before law takes effect.




ask

We asked a labor lawyer what AI laws HR should look out for

Niloy Ray talks about the proposed AI regulations from the California Privacy Protection Agency and what all HR professionals should consider about AI and compliance. 

HR Brew





ask

Saskatchewan firms must soon warn of history of violence

Stephen Shore discusses a new law in Saskatchewan, Canada, that requires employers to create workplace violence prevention programs and inform employees about other workers who have a history of violent behavior.

International Employment Lawyer





ask

CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8 |

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:


According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, it has discovered more than 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

| Affected Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.





ask

Elevator at Pulaski Temporarily Out-of-Service (Elevator Status)

(Wed, Nov 13 2024 4:51 AM to TBD) The Harlem-bound platform elevator at Pulaski (Green Line) is temporarily out-of-service.








ask

You asked for real raises, free shipping, and a special delivery

It's listener question time. We've got answers about "free" shipping, full employment, when a raise isn't a raise, Taylor Swift, crypto seizures and our very own Micro-Face comic.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy





ask

The case of the stolen masks

About thirty years ago, Yagya Kumar Pradhan woke up to the news that the temple he and his clan used had been broken into. The temple had been ransacked. And someone had stolen two holy Bhairav masks. Yagya says they had been in his family for more than five hundred years – since the 16th century.

Yagya is a kind of Hindu priest for his clan. And he says, these Bhairav masks were very holy. People made offerings to them during Dashaun, a festival held in the fall.

Yagya thought the masks were gone for good. He didn't realize... they were hiding in plain sight.

On today's show: The story of a group of amateur art detectives who use modern tools, subterfuge, and the power of the law to return stolen artifacts to their rightful owners. And we dive into the world of high-end auctions and art museums to ask: Can the art world survive the legacy of cultural theft?

Clarification: This episode has been updated to clarify that the reason the Rubin Museum is shuttering its building is not directly linked to repatriation.

This episode was hosted by Erika Beras and Nick Fountain. It was produced by James Sneed, edited by Jess Jiang, fact-checked by Sierra Juarez, and engineered by Cena Loffredo. Alex Goldmark is Planet Money's executive producer.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.





ask

We asked 188 economists. And the survey says...

(For our story on this year's Nobel in Economics, check out our daily show, The Indicator!)

Let's face it. Economics is filled with terms that don't always make sense to the average person. Terms that sometimes mean what you think they mean, but sometimes not at all. Not even close.

We surveyed 188 economists. And we asked them: What are the most misunderstood terms in the field of economics?

On today's show, their answers! Hear stories about near recessions, a problem with insurance, econ at your local movie theater, and... an economics term that will make undergrads blush. Strap in, and bring your popcorn!

This episode was hosted by Amanda Aronczyk and Alexi Horowitz-Ghazi. It was produced by Sam Yellowhorse Kesler with help from Sean Saldana. It was edited by Jess Jiang, engineered by Valentina Rodríguez Sánchez and fact-checked by Sierra Juarez. Alex Goldmark is our executive producer.

Help support Planet Money and hear our bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.





ask

Brave Enough To Ask

StoryCorps does a lot of different things, but they all come down to connecting people— even if they disagree. That's the idea behind our One Small Step initiative, where we pair strangers with opposing political views to have a conversation, not about politics, but about their lives. In the last episode of our season, two people who connected — even though their beliefs divided them.

Leave us a voicemail at 702-706-TALK, or email us at podcast@storycorps.org.





ask

L.A. asks how to equitably achieve 100% clean energy by 2035 – and UCLA answers

In a report released today, more than 20 researchers provide strategies that center equity and justice in LADWP’s transition.




ask

CMS Boys’ Basketball Game Schedule for 2023

Central Middle School 2023 Boys’ Basketball Game Schedule   Wednesday 11/8 8th Grade A Team @ home vs EGR 5:00pm  8th Grade B Team @ home vs EGR 4:00pm 7th Grade A Team @ EGR  5:00pm  7th Grade B Team @ EGR  4:00pm   Monday 11/13 8th Grade A Team @ FHE 4:00pm  8th Grade […]

The post CMS Boys’ Basketball Game Schedule for 2023 appeared first on Forest Hills Public Schools.



  • Central Middle News
  • CMS Athletics News

ask

7th and 8th Grade Boys’ Basketball REC Team Schedules

7th Grade REC Schedule Nov. 15 (WED) at Northern 3:30 EMS vs C1 4:30 N2 vs C2 5:30 EGR vs N1 Nov 20 (MON) at Central 3:30 EMS vs N1 4:30 C1 vs N2 5:30 EGR vs C2 Nov 27 (MON) at Northern 3:30 EMS vs C2 4:30 C1 vs N1 5:30 EGR vs N2 […]

The post 7th and 8th Grade Boys’ Basketball REC Team Schedules appeared first on Forest Hills Public Schools.



  • Central Middle News
  • CMS Athletics News

ask

Central Middle School 2024 Girls’ Basketball Schedule

The linked PDF contains the complete schedule for Central Middle School 2024 girls’ basketball teams. The schedule includes both 8th-grade and 7th-grade A and B teams, and games begin Monday, Jan. 22, 2024. Click here for the complete schedule.

The post Central Middle School 2024 Girls’ Basketball Schedule appeared first on Forest Hills Public Schools.



  • Central Middle News
  • CMS Athletics News

ask

Toronto police task force report

The following is a list of University of Toronto experts who can comment on the Toronto police task force report and TAVIS. Rinaldo Walcott, Associate Professor of Sociology Expertise: Race, Black politics, Community criticism of TAVIS Tel: (416) 978‑0400 Email: rinaldo.walcott@utoronto.ca (email is best) Akwasi Owusu-Bempah, Ph.D. Candidate in Centre of Criminology Expertise: Policing challenges, Criminal Justice, […]



  • Breaking News Experts

ask

What Can Companies Do to Stay Alive Asks New Book from Strategic Management Faculty at UofT’s Rotman School of Management

Toronto, ON – From Volkswagen to BP, from Blackberry to Bombardier, from United Airlines to Equifax, businesses — large and small — face threats to their survival. These worries keep corporate leaders awake at night. Is there anything businesses can do about it? This question and more are answered in a new book, Survive and Thrive: […]




ask

HBR Asks: What Are NFTs, and Why Do They Matter?

NFTs are all over the news. We decided to take a closer look and figure out just what this bitcoin-adjacent technology is — and whether it's worth the hype.




ask

How to Ask for a Raise

Make a compelling case for getting paid more. Then stop talking.




ask

IDEO’s CEO, Sandy Speicher, Asks: What Is an Office Even For Now?

Speicher explains how design thinking can help guide us to new ways of collaborating as we rethink work and the workplace in a post-Covid world.




ask

Augmenting Your Workforce: Three Opportunities to Leverage Technology to Automate Repetitive Tasks

Manufacturers face complex challenges, including attracting and retaining labor and adapting to a volatile market. Skilled human labor remains crucial despite advancements in automation.




ask

java-ow-util-ant-tasks 1.3.2-3 i686

ObjectWeb utility Ant tasks library




ask

java-ow-util-ant-tasks 1.3.2-3 armv7h

ObjectWeb utility Ant tasks library




ask

java-ow-util-ant-tasks 1.3.2-3 x86_64

ObjectWeb utility Ant tasks library




ask

Alaska Energy Audit Program Extended

According to the AEA, nonresidential buildings consume more than half the building energy use in Alaska, and the majority of these buildings are privately owned. The Commercial Building Energy Audit program is designed to pay up to 75 percent of the cost of an ASHRAE level 1+ energy audit performed on privately owned commercial buildings.




ask

Malco Products Brings Manufacturing to Former VISE-GRIP Nebraska Factory

Seven of the new full-time employees hired to start up operations previously worked at the VISE-GRIP factory. Malco plans to add jobs as production increases.




ask

Nebrasky Plumbing, Heating & Cooling Names New Office Manager

Wendy Abbagliato of Chester, New York, was promoted to office manager at Nebrasky Plumbing, Heating & Cooling, an award-winning Hudson Valley business. Abbagliato will be responsible for planning, directing, and overseeing the office operations for the company.




ask

Artificial Intelligence is Taking on More Tasks, and This Can Help HVAC Office Workers Get More Done

Artificial intelligence, or AI, is now able to handle many of an HVAC contractor’s administrative tasks, and also help employees perform their own tasks better.




ask

AI and 'Ask A2L'

Artificial intelligence and HARDI’s new AI tool were big topics during the group’s recent Focus conference in Dallas, Texas.




ask

Episode 108: Simon Peyton Jones on Functional Programming and Haskell

We start our discussion with a brief look at what Haskell is and how a pure functional language is different from non-pure languages. We then look at the basic building blocks and the philosophy of the language, discussing concepts such as the lambda calculus, closures, currying, immutability, lazy evaluation, memoization, and the role of data types in functional languages. A significant part of the discussion is then spent on the management of side effects in a pure language - in other words, the importance of monads. We conclude the episode with a look at Haskell's importance and community today.




ask

Episode 502: Omer Katz on Distributed Task Queues Using Celery

Omer Katz, a software consultant and core contributor to Celery, discusses the Celery task processing framework with host Nikhil Krishna. We discuss in depth the Celery task processing framework, its architecture and the underlying messaging...




ask

SE Radio 599: Jason C. McDonald on Quantified Tasks

Jason C. McDonald, author of the book Dead Simple Python, speaks with host Samuel Taggart about leveraging quantified tasks to improve estimation, particularly across projects. They discuss the origin of the concept and its relationship with story points, and Jason offers examples to show how quantified tasks can capture nuances in software tasks that are often lost with story points. He also points to the ability to compare them across projects as a major advantage of quantified tasks. Among other topics, they also consider how to use quantified tasks to analyze the stability of a codebase. Brought to you by IEEE Computer Society and IEEE Software magazine.





ask

Visual Tasks of Typical Living Room Lighting

Most living rooms require flexible lighting design solutions because they serve a broad variety of changing functions. The lighting in a typical living room should comfortably serve small group conversation, larger social gatherings that include casual eating and drinking, and...

The post Visual Tasks of Typical Living Room Lighting appeared first on EEP - Electrical Engineering Portal.