
Summary of Comments to CSA/CIRO Staff Notice 23-331 Request for Feedback on December 2022 SEC Market Structure Proposals and Potential Impact on Canadian Capital Markets

This document is only available in PDF format.





OSC Staff Notice 11-737 (Revised) – Securities Advisory Committee – Vacancies

The Securities Advisory Committee (“SAC”) is a committee of industry experts established by the Commission to advise it and its staff on a variety of matters including policy initiatives and capital markets trends.





Detailed Data on Balance of Issuers in ninth Staff Review of Disclosure regarding Women on Boards and in Executive Officer Positions





Detailed Data on CSA Multilateral Staff Notice 58-317 Report on tenth Staff Review of Disclosure regarding Women on Boards and in Executive Officer Positions





CSA Notice Regarding Coordinated Blanket Order 96-932 Re Temporary Exemptions from Certain Derivatives Data Reporting Requirements

This document is only available as a PDF.





Ontario Securities Commission – Coordinated Blanket Order 96-932

This document is only available as a PDF.





OSC Staff Notice 81-736 - Summary Report for Investment Fund and Structured Product Issuers

This document is only available in PDF format.





CSA Staff Notice 51-365 Continuous Disclosure Review Program Activities for the Fiscal Years Ended March 31, 2024 and March 31, 2023

This document is only available in PDF format.





SpotOn London 2012 Storify: Collaborating and building your online presence: educating scientists and science students

Jenny Evans has created a Storify summary of her SpotOn London session: Collaborating and building your online





Assessing social media impact – a workshop at ScienceOnline #scioimpact

Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference,





Share your experiences to create some SpotOn social media tips for scientists!

It ain’t a party if you can’t join us Towards the end of April, SpotOn





SpotOn London 2013: How are online tools changing science education?

The place we’re in as a society is a crowded field of scattered tools and





SpotOn London Storify: Wikipedia editing session

Here is a Storify collecting the online conversations from the Wikipedia editing workshop at this year’s





Against the grain: Could farmers feed the world and heal the planet?





CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

CVE | Description | CVSSv3
CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy, as noted in a comment in the r/fortinet subreddit discussion of the flaw.

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India.

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13.

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, it has discovered over 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Affected Product | Affected Versions | Fixed Version
FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above
FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above
FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above
FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release
FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager Cloud 7.6 | Not affected | Not Applicable

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for this vulnerability?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Change Log

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.





Social Media for Science Outreach – A Case Study: Career changing and pseudonyms

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case





Social Media for Science Outreach – A Case Study: Marine Science & Conservation Outreach

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013





Social Media for Science Outreach – A Case Study: The Beagle Project, Galapagos Live & ISS Wave

Selected responses categorized into 'helped', 'helped and harmed' and 'harmed'.





Social Media for Science Outreach – A Case Study: AntarcticGlaciers.org

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case





Social Media for Science Outreach – A Case Study: Chemicals Are Your Friends

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case





Social Media for Science Outreach – A Case Study: National Science Foundation-funded IGERT project team

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case





Social Media for Science Outreach – A Case Study: TEDMED Great Challenges

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case





Social Media for Science Outreach – A Case Study: Lessons From a Campaign Twitter Account

James King is a geomorphologist interested in exploring the processes that govern sediment transport and





OSC publishes gamification research and launches new trading simulation tool for Investor Education Month

TORONTO – The Ontario Securities Commission (OSC) today released a new report that studied the impact of gamification on investors.





Capital Markets Tribunal seeks applications for the Securities Proceedings Advisory Committee

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).





Canadian securities regulators publish coordinated blanket orders to provide temporary exemptions from certain derivatives data reporting requirements

TORONTO – The Canadian Securities Administrators (CSA) today published





OSC publishes Summary Report for Investment Fund and Structured Product Issuers

TORONTO – The Ontario Securities Commission has today published its





SpotOn London 2012 Storify: Crowdfunded science – new opportunities or dangerous echo chamber?

Finding sources for funding research can be a demanding task, and one that's not always successful. A new trend that's emerging out of the necessity to fund projects that have no traditional means of support is "crowdfunding." A panel at SpotOnLondon weighs the resulting apprehensions and benefits.





SpotOn London 2012 Storify: ORCID – why do we need a unique researcher ID?

Here is a Storify round up of the SpotOn London session: ORCID – why do we





SpotOn London 2012 Storify: What do you need to start a revolution?

Here is a Storify round up of the SpotOn London session: What do you need to





SpotOn London 2013 Storify: Open, Portable, Decoupled – How should Peer Review change?

Here is a Storify collating the online conversation around the Open, Portable, Decoupled – How should





SpotOn London 2013 Storify: The Dark Art of Dark Social: Email, the antisocial medium which will not die

Here is a Storify collecting the online conversations from the, “The Dark Art of Dark





Outcast. Volume 3, This little light / Robert Kirkman, creator, writer ; Paul Azaceta, artist ; Elizabeth Breitweiser, colorist ; Rus Wooton, Letterer ; Sean Mackiewicz, editor.

"Kyle is faced with the most emotional exorcism he's performed yet … as he begins to learn more about his abilities and what's really happening around him. The pieces are starting to fall into place as secrets are revealed that will change everything." -- Description provided by publisher.





Something is killing the children. Volume 3 / written by James Tynion IV ; illustrated by Werther Dell'Edera ; colored by Miquel Muerto ; lettered by AndWorld Design ; cover by Werther Dell'Edera with colors by Miquel Muerto.

"As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher.





The Adventure zone : the crystal kingdom / based on the podcast by Griffin McElroy, Clint McElroy, Travis McElroy, Justin McElroy ; adaptation by Clint McElroy, Carey Pietsch ; art by Carey Pietsch.

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher





Dune. House Atreides. Volume 1 / written by Brian Herbert & Kevin J. Anderson ; illustrated by Dev Pramanik ; lettered by Ed Dukeshire ; colored by Alex Guimarães ; cover by Jae Lee & June Chung.

"Set in the years leading up to the Hugo and Nebula Award-winning Dune, Dune: House Atreides transports readers to the far future on the desert planet Arrakis where Pardot Kynes seeks its secrets. Meanwhile, a violent coup is planned by the son of Emperor Elrood; an eight-year-old slave Duncan Idaho seeks to escape his cruel masters; and a young man named Leto Atreides begins a fateful journey. These unlikely souls are drawn together first as renegades and then as something more, as they discover their true fate— to change the very shape of history!" -- Description provided by publisher.





Firefly. Blue Sun rising. Part 1 / created by Joss Whedon ; written by Greg Pak ; illustrated by Dan McDaid, Lalit Kumar Sharma, Daniel Bayliss ; colored by Marcelo Costa ; lettered by Jim Campbell.

"Sheriff Mal Reynolds has a new partner— a law enforcing robot from the Blue Sun corporation, who doesn't care about motives, about mercy, about anything other than enforcing the law— no matter the cost. The Blue Sun Corporation has helped to run the universe from the shadows for years, but they're ready to step into the light and take over. If Mal wants to keep his job and protect his sector, the smart move would be to play by their rulebook. But for Mal, there's really one choice— reunite the crew of the Serenity for one last impossible job to save the 'verse. Greg Pak and artist Dan McDaid launch Mal & the crew of Serenity into their biggest war yet, officially continuing Joss Whedon's acclaimed series." -- Provided by publisher.





Firefly. Blue Sun rising. Part 2 / created by Joss Whedon ; written by Greg Pak ; illustrated by Dan McDaid, Lalit Kumar Sharma, Daniel Bayliss ; inks by Vincenzo Federici ; colored by Marcelo Costa ; lettered by Jim Campbell.

"The stage is set for the final battle as the first ever Firefly event concludes, with Sheriff Mal Reynolds— yeah, he's still getting used to it too— making a choice that may cost him those he loves most, whether he knows it or not … Shocking losses lead to stunning decisions as Mal and the crew of Serenity must face the consequences of their choices in war against the Blue Sun Corporation. The 'Verse is changing in ways no one ever expected— and a new chapter of Firefly begins here." -- Provided by publisher.





The rose of Versailles. Volume 4 / Ryoko Ikeda ; translation: Jocelyne Allen ; lettering and touch up: Jeannie Lee.

"France spirals towards a civil war, as nobles continue to ignore the people of France. Noblewoman Oscar François de Jarjayes is forced to reconsider her life as a soldier and a woman, her loyalties and her love. Marie Antoinette and the royal family seek escape, while Robespierre and the National Assembly take up arms and demand democracy." -- Provided by publisher.





Batman. Damned / Brian Azzarello, writer ; Lee Bermejo, art and covers ; Jared K. Fletcher, letterer.

"The Joker is dead. There is no doubt about that. But whether Batman finally snapped his scrawny neck or some other sinister force in Gotham City did the deed is still a mystery. Problem is, Batman can't remember … and the more he digs into this labyrinthine case, the more he starts to doubt everything he's uncovering. So who better to set him straight than … John Constantine? The problem with that is as much as John loves a good mystery, he loves messing with people's heads even more. So with John's 'help', the pair will delve into the sordid underbelly of Gotham as they race toward the mind-blowing truth of who murdered The Joker." -- Page [4] of cover.





SpotOn London Storify: How are online tools changing science education?

Here is a Storify collecting the online conversations from the “How are online tools changing





SpotOn London 2013 Panel discussion: What do you need to start a revolution?

What do you need to put together a successful public campaign about science issues? This





SpotOn London 2013: Open, Portable, Decoupled – How should Peer Review change?

At this year’s SpotOn London, one of the most popular and widely tweeted sessions organised





Innovations of targeted poverty reduction governance and policy in Zhejiang Province: Insights from China’s post-2020 anti-poverty strategy [in Chinese]





Integrated urban-rural development and common prosperity: Connotation, international experience and implementation path [in Chinese]

Since the 18th National Congress of the Communist Party of China, China’s economic development has entered a new stage. Under these circumstances, the goal of “Common Prosperity” has attracted more and more attention over the past several years. China’s long-term implementation of urban-biased policies led to a huge gap between urban and rural areas for a long time and hindered the realization of common prosperity.





Armed conflict and business operations in Sudan: Survey evidence from agri-food processing firms [in Arabic]





Political and economic drivers of Sudan's armed conflict: Implications for the agri-food system [in Arabic]





You Are Destined to be Together Forever Dean Koontz.

The singular journey of Odd Thomas is approaching its unforgettable conclusion in Saint Odd. But before Odd's destiny is revealed, this exclusive eBook short story looks back-way back-to where it all began for Odd Thomas and Stormy Llewellyn, two souls who are destined to be together forever. Amid the dizzying rides, tantalizing games of chance, and fanciful attractions of a state fair, two teenage sweethearts on the cusp of life and love's pleasures find their way to a shadowy carnival tent brimming with curiosities. There, from the bizarre and enthralling Gypsy Mummy, a mechanized merchant of dreams and prognosticator of tomorrows, the young couple learns what fate promises for them. But fate, for Odd Thomas and Stormy Llewellyn, is something altogether different: full of dark corners, sharp edges, and things no seer or soothsayer could ever anticipate. And for Odd Thomas, a gallant fry cook from a sleepy California desert town, the future beckons-to listen to unquiet spirits, pursue unsettling mysteries, and learn shocking truths ...for a purpose far greater than himself.





Lost and Found in Cedar Cove (Short Story) Debbie Macomber.

Debbie Macomber's heartwarming series, set at the Rose Harbor Inn in picturesque Cedar Cove, displays the author's signature talent for creating characters who feel like friends, and small towns that feel like home. In this original short story, Jo Marie Rose readies her inn for spring, turning to her new friends Grace and Olivia when she needs them most. Jo Marie has big plans for her bed-and-breakfast. With the help of handyman Mark Taylor, she intends to plant a beautiful rose garden in time for her upcoming open house. Jo Marie and Mark rarely see eye to eye-especially on matters of home improvement-but she knows he has her best interests at heart. After the two walk the grounds, Jo Marie realizes that her beloved rescue dog, Rover, is missing, and at a time when she most needs a friend, Mark abruptly leaves. Confused by Mark's behavior and worried for Rover's safety, Jo Marie searches for her precious pup all over Cedar Cove. Rover is on an adventure of his own-one that will lead to a delightful surprise for two unlikely people. Includes an excerpt from Debbie Macomber's Last One Home.





Edited out : a mysterious detective mystery / E. J. Copperman.

Mystery author Rachel Goldman is getting used to the idea that her fictional creation Duffy Madison has somehow taken flesh-and-blood form and is investigating missing person cases not far from where Rachel lives. Wait. No. She’s not getting used to it at all, and the presence of this real-life Duffy is making her current manuscript—what’s the word?—lousy. So she doesn’t want to see Duffy—the living one—at all. To make matters worse, when he shows up at her door and insists on talking to her, it’s about the one thing she doesn’t want to do: Find a missing person. But the man Duffy seeks this time around might be able to solve Rachel’s problem. He might just be the man Duffy was before he became Duffy five years ago. The only problem is she could be letting Duffy lead her into danger yet again… Entertaining and witty, the second in E.J. Copperman's Mysterious Detective Mystery series Edited Out will delight his fans, both new and old.