This document is only available as a PDF.

This document is only available in PDF format.

Here is a Storify round up of the SpotOn London session: Enhanced eBooks & BookApps: The

Jenny Evans has created a Storify summary of her SpotOn London session: Collaborating and building your online

Here is a Storify summary of the SpotOn London session: BrainSpace, a global interest graph for

This year, Digital Science are sponsoring the Tools track and we’re grateful to them for

Julia Schölermann is the organiser for this year’s SpotOn London session on, What should the scientific

The place we’re in as a society is a crowded field of scattered tools and

Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.

Background

In January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.

As of October 2024, there are over 240,000 CVEs. including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.

25 Significant CVEs

CVE-1999-0211: SunOS Arbitrary Read/Write Vulnerability

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability

CVE-2014-0160: OpenSSL Information Disclosure Vulnerability

CVE-2014-6271: GNU Bash Shellshock Remote Code Execution Vulnerability

CVE-2015-5119: Adobe Flash Player Use After Free

CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution Vulnerability

CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability

CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution Vulnerability

CVE-2019-0708: Remote Desktop Services Remote Code Execution Vulnerability

CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution Vulnerability

CVE-2019-10149: Exim Remote Command Execution Vulnerability

CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability

CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass Vulnerability

CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load Vulnerability

CVE-2021-36942: Windows LSA Spoofing Vulnerability

CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code Execution

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability

CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery Vulnerability

CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection Vulnerability

CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection Vulnerability

CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure Vulnerability

CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection Vulnerability

CVE-2024-3094: XZ Utils Embedded Malicious Code Vulnerability

Identifying affected systems

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:

• CVE-1999-0211
• CVE-2010-2568
• CVE-2014-0160
• CVE-2014-6271
• CVE-2015-5119
• CVE-2017-11882
• CVE-2017-0144
• CVE-2017-5638
• CVE-2019-0708
• CVE-2020-0796
• CVE-2019-19781
• CVE-2019-10149
• CVE-2020-1472
• CVE-2017-5753
• CVE-2017-5754
• CVE-2021-36942
• CVE-2022-30190
• CVE-2021-44228
• CVE-2021-26855
• CVE-2021-34527
• CVE-2021-27101
• CVE-2023-34362
• CVE-2023-4966
• CVE-2023-2868
• CVE-2024-3094

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.

Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.

While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:

The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource

The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.

Tenable offers fastest, broadest coverage of CISA’s KEV catalog

At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.

Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.

FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure

The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.

How Tenable’s library of compliance audits can help with Enhanced Logging

Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.

FY 2024 NOFO continues to require applicants to address program objectives in their applications

As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:

• Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure operations.
• Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
• Objective 3: Implement security protections commensurate with risk.
• Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

How Tenable can help agencies meet Objective 2 of the program

Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).

Source: Tenable, October 2024

Tenable One deployment options offer flexibility for SLT agencies

Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:

• Centralized risk-based vulnerability program managed by a state Department of Information Technology (DoIT)
• Multi-entity projects
• Decentralized deployments of Tenable One managed by individual municipalities,
• Managed Security Service Provider (MSSP) models that allow agencies to rapidly adopt solutions by utilizing Tenable’s Technology Partner network.

Whole-of-state approach enables state-wide collaboration and cooperation

A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.

FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices

As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.

How Tenable One can help agencies meet the CISA CPGs

The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.

Learn more

• $1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
• Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach
• How to Meet FY 2023 U.S. State and Local Cybersecurity Grant Program Objectives
• New U.S. SLCGP Cybersecurity Plan Requirement: Adopt Cybersecurity Best Practices Using CISA's CPGs
• Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog

1. 4Critical
2. 82Important
3. 1Moderate
4. 0Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

• .NET and Visual Studio
• Airlift.microsoft.com
• Azure CycleCloud
• Azure Database for PostgreSQL
• LightGBM
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft PC Manager
• Microsoft Virtual Hard Drive
• Microsoft Windows DNS
• Role: Windows Hyper-V
• SQL Server
• TorchGeo
• Visual Studio
• Visual Studio Code
• Windows Active Directory Certificate Services
• Windows CSC Service
• Windows DWM Core Library
• Windows Defender Application Control (WDAC)
• Windows Kerberos
• Windows Kernel
• Windows NT OS Kernel
• Windows NTLM
• Windows Package Library Manager
• Windows Registry
• Windows SMB
• Windows SMBv3 Client/Server
• Windows Secure Kernel Mode
• Windows Task Scheduler
• Windows Telephony Service
• Windows USB Video Driver
• Windows Update Stack
• Windows VMSwitch
• Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

• Microsoft's November 2024 Security Updates
• Tenable plugins for Microsoft November 2024 Patch Tuesday Security Updates

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

TORONTO - The Ontario Securities Commission (OSC) is pleased to announce the release of the 2024 Investment Fund Survey (IFS) data dashboard.

#solo12fraud

Finding sources for funding research can be a demanding task, and one that's not always successful. A new trend that's emerging out of the necessity to fund projects that have no traditional means of support is "crowdfunding." A panel at SpotOnLondon weighs the resulting apprehensions and benefits.

Dr Anne Osterrieder is a Research and Science Communication Fellow in Plant Cell Biology at the Department of

Here is a Storify round up of the SpotOn London session: Incentivising Open Access and Open

Here is a Storify round up of the SpotOn London session: ORCID – why do we

Here is a Storify round up of the SpotOn London session: What do you need to

Here is a Storify round up of the SpotOn London session: Tackling the terabyte: how should

As we’re getting ready to make tickets available for this year’s SpotOn London conference, we’re

Marie Boran is a PhD candidate at the INSIGHT Centre for Data Analytics, the National

In preparation for this year’s SpotOn London 2013 workshop, Interdisciplinary research: what can scientists, humanists

As we’re getting ready to make tickets available for this year’s SpotOn London conference, we’re

Damian Pattinson (@damianpattinson) is a co-organiser of the session on Public Health Links, Lost in Translation at

Here is a Storify collating the online conversation around the Open, Portable, Decoupled – How should

Here is a Storify collecting the online conversations from the Science games: does play work? session at

Here is a Storify collecting the online conversations from the, “The Dark Art of Dark

Kyle Barnes has been plagued by demonic possession all his life. In light of recent revelations, he finally feels like he's starting to piece together the answers he's looking for. But while he feels a new sense of purpose is Reverend Anderson's life falling apart?

"Set in the years leading up the Hugo and Nebula Award-winning Dune— 'Dume: House Atreides transports readers to the far future on the desert planet Arrakis where Pardot Kynes seeks its secrets. Meanwhile, a violent coup is planned by the son of Emperor Elrood; an eight-year-old slave Duncan Idaho seeks to escape his cruel masters; and a young man named Leto Atreides begins a fateful journey. These unlikely souls are drawn together first as renegades and then as something more, as they discover their true fate— to change the very shape of history!" -- Description provided by publisher.

"When 18-year-old Klaus gets himself kicked out of the Umbrella Academy and his allowance discontinued, he heads to a place where his ghoulish talents will be appreciated— Hollywood. But after a magical high on a stash stolen from a vampire drug lord, Klaus needs help, and doesn't have his siblings there to save him." -- Provided by publisher.

"Asa and Kasuga see the tail of a giant creature rise from the water. In a jungle, explorers discover massive claw marks in a tree trunk. And years later in 1964, a mysterious military man appears asking all the wrong questions." -- Provided by publisher.

"The stage is set for the final battle as the first ever Firefly event concludes, with Sheriff Mal Reynolds— yeah, he's still getting used to it too— making a choice that may cost him those he loves most, whether he knows it or not … Shocking losses lead to stunning decisions as Mal and the crew of Serenity must face the consequences of their choices in war against the Blue Sun Corporation. The 'Verse is changing in ways no one ever expected— and a new chapter of Firefly begins here." -- Provided by publisher.

We’re pleased to announce that the SpotOn London conference will take place at the Wellcome

The annual conference, SpotOn London, will be taking place at the Wellcome Trust on Friday,

To accompany this year’s SpotOn London conference, at the Wellcome Trust on Friday, 14 November

We’re delighted to announce that SpotOn will return this year as a one-day conference in

We are extremely grateful for the generous support of our sponsors; SpotOn London would not be

In true adherence to the age old phrase 'let them eat cake' and its traditional application to the under-funded and under-fed masses, for SpotOn London cakes were duly provided much to the enjoyment of the delegates. Since this act generated its own hashtag, it also deserves a Story...

We want to make sure we have collected all of the conversations around this year’s

“Buckle up – we’re going to start with some physics” Our keynote at this year’s

What do you need to put together a successful public campaign about science issues? This

At this year’s SpotOn London, one of the most popular and widely tweeted sessions organised

2020年在诸多方面都让我们始料未及。新冠肺炎（COVID-19）疫情为全球带来了一场大规模的公共卫生灾难，各国均陷入了疫情及其相关应对政策带来的不同程度的经济困境，面临服务严重中断和人员流动严重受限的局面。无论是富裕国家还是贫穷国家，均未能幸免。在中低收入国家，许多弱势群体直接面临食物安全、医疗和营养方面的威胁。丧失生计、营养不良、教育中断和资源枯竭造成的长期影响可能性非常巨大，特别是对许多国家来说，距离新冠肺炎疫情的结束还遥遥无期。此外，疫情还凸显并加剧了我们食物系统的薄弱环节和不平等状况。一年过去了，全球因新冠肺炎疫情而进一步偏离了到2030年实现可持续发展目标(SDG)的进程。显然，食物系统可以在推动我们走上正轨方面发挥核心作用。要想实现可持续发展目标，就必须对食物系统进行转型，帮助我们更好地为下一次冲击做好准备，同时造福世界贫困人口和弱势群体以及我们的地球。

气候变化对全球食物系统构成的威胁日益严重，对食物和营养安全、生计及全人类整体福祉，尤其是对世界各地的贫困人口和弱势群体造成了严峻影响。我们迫切需要对气候变化采取紧急行动，既要实现限制全球变暖所需的大幅度减排，又要提高适应和应对气候变化的能力，这一点正引起全球的广泛关注。《2022全球食物政策报告》提出了一系列加快行动的机会，这些机会应在制定适应、减缓和应对气候变化的政策与投资决策时加以考虑。

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.

2022年，世界面临多重危机。旷日持久的2019冠状病毒病疫情(COVID-19)、重大自然灾害、内乱和政治动荡以及气候变化日益严重的影响对食物系统的破坏仍在继续，而与此同时，俄乌战争和通货膨胀加剧了全球粮食和化肥危机。危机数量不断增加，多种危机的叠加影响日益加剧，饥饿人口和流离失所者数量不断攀升，促使人们呼吁重新思考粮食危机应对措施，从而为变革创造了一个真正的机会。

Full Book [download]