JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-mcw3-h5xg-r95m: JeecgBoot SQL Injection vulnerability

Despite the absence of laws specifically covering AI-based attacks, regulators can use existing rules around fraud and deceptive business practices.

Source: mike via Adobe Stock Photo

As AI-generated deepfakes become more sophisticated, regulators are turning to existing fraud and deceptive practice rules to combat misuse. While no federal law specifically addresses deepfakes, agencies like the FTC and SEC are applying creative solutions to mitigate these risks.

The quality of AI-generated deepfakes is astounding. "We cannot believe our eyes anymore. What you see is not real," says Binghamton University professor Yu Chen. Tools are being developed in real time to distinguish between an authentic image and a deepfake. But even if a user knows an image isn't real, there are still challenges.

"Using AI tools to trick, mislead, or defraud people is illegal," Federal Trade Commission chair Lina M. Kahn said, back in September. AI tools used for fraud or deception are subject to existing laws, and Khan made it clear the FTC will be going after artificial intelligence fraudsters.

**Intent: Fraud and Deception**

Deepfakes can be used for other corporate unfair business practices, such as creating a false image of an executive who announces their company is taking an action that could cause stock prices to change. For example, a deepfake could declare a company is going out of business or make an acquisition. If stock trading stock is involved, the SEC could prosecute.

When a deepfake is created with the intent to deceive, "that is a classic element of fraud," says Joanna Forster, a partner at the law firm Crowell & Morning and the former deputy attorney general, Corporate Fraud Section, for the State of California

"We've all seen the past four years a very activist FTC on areas of antitrust and competition, on consumer protection, on privacy," Forster says.

In fact, an FTC official, speaking on background, says the agency is aggressively addressing the issue. In April, a rule on government or business impersonation went into effect. The agency also is continuing its efforts on voice clones designed to deceive and defraud victims. The agency has a business guidance blog that tracks many of these efforts.

Several state and local laws address deepfakes and privacy, but there is no federal legislation or clear rules defining which agency takes the lead on enforcement. In early October, U.S. District Judge John A. Mendez granted a preliminary injunction blocking a California law against election-related deepfakes. Even though the judge acknowledged AI and deepfakes pose significant risks, California's law likely violated the First Amendment, Mendez said. Currently, 45 states plus the District of Columbia have laws prohibiting using deepfakes in elections.

**Privacy and Accountability Challenges**

There are few laws that protect non-celebrities or politicians from a deepfake violating their privacy. The laws are written so that they protect the celebrity's trademarked face, voice and mannerisms. This differs from a comic impersonating a celebrity for entertainment's sake where there is no intent to deceive the audience. However, if a deepfake does try to deceive the audience, that crosses the line of intent to deceive.

In the case of a deepfake of a non-celebrity, there is no way to sue without first knowing who created the deepfake, which is not always possible on the internet, says Debbie Reynolds, privacy expert and CEO of Debbie Reynolds Consulting. Identity theft laws might apply in some cases, but internet anonymity is difficult to overcome. "You may never know who created this thing, but that harm still exists," Reynolds says.

While some states are looking at laws specifically focusing on the use of AI and deepfakes, the tool used for the fraud or deception is not significant, says Edward Lewis, CEO of CyXcel, a consulting firm specializing in cybersecurity law and risk management.  Many corporate executives do not realize how easy deepfakes and other AI-generated content are to create and distribute.

"It's not so much about what do I need to know about deepfakes; It's rather who has access, and how do we control that access in the workplace, because we wouldn't want our staff to be engaging for inappropriate reasons with any AI," Lewis says. "Secondly, what is our firm's policy on the use of AI? What context can or can't it be used for, and who actually do we grant access to AI so that they can carry out their jobs?"

Lewis notes, "It's much the same way as we have controls around other cyber security risks. The same controls need to be considered in the context of the use of AI."

As AI-generated deepfakes become more sophisticated, regulators are working to adapt by leveraging existing fraud and privacy laws. Without federal legislation specific to deepfakes, agencies like the FTC and SEC are actively enforcing rules against deception, impersonation, and identity misuse. But the challenges of accountability, privacy, and recognition persist, leaving gaps that both individuals and organizations need to navigate. As regulatory frameworks evolve, proactive measures—such as AI governance policies and continuous monitoring—will be essential in mitigating risks and safeguarding trust in the digital landscape.

**About the Author**

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Regulators Combat Deepfakes With Anti-Fraud Rules

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

GHSA-99wr-c2px-grmh: Hashicorp Consul Cross-site Scripting vulnerability

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

GHSA-chgm-7r52-whjj: Hashicorp Consul Path Traversal vulnerability

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

GHSA-5c4w-8hhh-3c3h: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability

A national security memorandum on artificial intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattacks and disseminating timely threat information about them.

Source: Marcos Alvarado via Alamy Stock Photo

President Joe Biden issued the first national security memorandum on artificial intelligence (AI), recognizing that advances in the field will have significant implications for national security and foreign policy. The memorandum builds on the administration's policies to drive the safe, secure, and trustworthy development of AI. 

The White House directed the US government to create systems that ensure the country will lead in the global race to develop AI technology for national security purposes and to advance international regulations and governance. The memorandum also seeks to ensure that AI adoption reflects democratic values and protects human rights, civil rights, civil liberties, and privacy while encouraging the international community to adhere to the same values. 

"While the memorandum holds broader implications for AI governance, cybersecurity-related measures are particularly noteworthy and essential to advancing AI resilience in national security applications," wrote R Street cybersecurity fellow Haiman Wong in an analysis of the memorandum. 

The memorandum, issued last week, tasks the National Security Council and the Office of the Director of National Intelligence (ODNI) with reviewing national intelligence priorities to improve the identification and assessment of foreign intelligence threats targeting the US AI ecosystem, Wong noted. A group of agencies, including ODNI, the Department of Defense, and the Department of Justice, are responsible for identifying critical nodes in the AI supply chain that could be disrupted or compromised by foreign actors, ensuring that proactive and coordinated measures are in place to mitigate such risks.

The memorandum tasks the Department of Energy with launching a pilot project to evaluate the performance and efficiency of federated AI and data sources in order to refine AI capabilities that could improve cyber threat detection, response, and offensive operations against potential adversaries, Wong said. The Department of Homeland Security, the FBI, the National Security Agency, and the Department of Defense are tasked with publishing unclassified guidance on known AI cybersecurity vulnerabilities, threats, and best practices for avoiding, detecting, and mitigating these risks during AI model training and deployment, as well.

"Our competitors want to upend U.S. AI leadership and have employed economic and technological espionage in efforts to steal U.S. technology," the White House said in a statement. "This NSM makes collection on our competitors' operations against our AI sector a top-tier intelligence priority, and directs relevant U.S. Government entities to provide AI developers with the timely cybersecurity and counterintelligence information necessary to keep their inventions secure." 

These guidelines are an important step in making sure that AI is leveraged in safe, thoughtful ways for both industry and national security, stated Jeffrey Zampieron, distinguished software engineer at defense technology firm Raft, in an email to Dark Reading.

"Fundamentally, this is quality control," he said. "We want to ensure that AI behaves in a manner that is safe and efficacious for the application of interest. Guidelines provide creators with structured consistent ways to evaluate their work and provide consumers with confidence that the AI will work as intended."

The risks of unregulated AI technologies could be severe, he said. 

"Risks lead to hazards and hazards lead to harms," he said. "The primary risk is that we give AI control of some critical behavior and it acts in a way that causes harm: physical, property, financial. It's very application-specific. What's the risk of using AI to tell jokes? Not much. What's the risk of using AI to fire ordinance? Quite high."

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

White House Outlines AI's Role in National Security

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.

Source: Funtap via Shutterstock

"Midnight Blizzard," a threat group linked to Russia's foreign intelligence service, is stoking more concern than usual for both its sheer scope and its use of a new tactic for harvesting information and gaining control of victim systems.

Microsoft this week said its threat intelligence group observed Midnight Blizzard actors sending out thousands of spear-phishing emails to targeted individuals at more than 100 organizations worldwide since Oct. 22.

**Large-Scale Campaign**

Besides its wide scope, the campaign is noteworthy for Midnight Blizzard's use of a digitally signed Remote Desktop Protocol (RDP) configuration file in its spear-phishing emails. The RDP file connects to a server controlled by a threat actor; when the file is opened, it allows the attacker to harvest user credentials and detailed system information to aid further exploit activity.

"The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of zero trust," Microsoft said on its threat intelligence group blog this week. "Microsoft has observed this campaign targeting governmental agencies, higher education, defense, and non-governmental organizations in dozens of countries, but particularly in the UK, Europe, Australia, and Japan."

Midnight Blizzard — aka Cozy Bear, APT29, and UNC2452 — has been the proverbial thorn in the side of security organizations for some years now. The group's many victims include SolarWinds, Microsoft, HPE, multiple US federal government agencies, and diplomatic entities worldwide. Its well-documented tactics, techniques, and procedures (TTPs) include using spear phishing, stolen credentials, and supply chain attacks for initial access. Midnight Blizzard actors have also targeted vulnerabilities in widely used networking and collaboration technologies such as those from Fortinet, Pulse Secure, Citrix, and Zimbra to gain an initial toehold on a target network.

**Bidirectional Connection**

The RDP file in the Microsoft, AWS, and zero-trust themed emails in Midnight Blizzard's latest campaign allows the attacker to establish a quick, bidirectional connection with a compromised device. The threat actor is using it to harvest a range of information including user credentials, files, and directories on the victim system and connected network drives; information from connected smart cards and other peripherals; Web authentication credentials; and clipboard data. The RDF file is signed with a LetsEncrypt certificate to lend it an air of legitimacy. "This access could enable the threat actor to install malware on the target's local drive(s) and mapped network share(s), particularly in AutoStart folders, or install additional tools such as remote access Trojans (RATs) to maintain access when the RDP session is closed," Microsoft cautioned.

Stephen Kowski, field CTO at SlashNext, says Midnight Blizzard's use of signed RDP files in its current campaign is significant. Signed RDP files can bypass traditional security controls since they appear to come from a legitimate source, he points out.

"This technique is particularly cunning because RDP files are commonly used in business environments, making them less likely to raise immediate suspicion, while the legitimate signature helps evade standard malware detection systems," he says. He advocates that organizations scan all email attachments in real time, with a particular focus on RDP files and other seemingly legitimate Microsoft-related content. "The use of legitimately signed files creates a significant blind spot for conventional security tools that rely heavily on signature-based detection or reputation scoring," Kowski advises.

**Mitigating the Threat**

Microsoft has released a list of indicators of compromise for the new Midnight Blizzard campaign, including email sender domains, RDP files, and RDP remote computer domains. It has recommended that security teams review their organizational email security settings and antivirus and anti-phishing measures; turn on Safe Links and Safe Attachments settings in Office 365; and enable measures for quarantining sent email if needed. Other recommendations include using firewalls to block RDP connections, implementing multifactor authentication, and strengthening endpoint security configurations.

Venky Raju, field CTO at ColorTokens, says the campaign is a reminder why organizations need to maintain a tight rein over the use of Microsoft's remote desktop. While it can be useful to share devices, folders, and clipboard content over an RDP session, it gives attackers a way into a user's device. "Signing the RDP configuration file may prevent email security systems from classifying the email as having a suspicious link or attachment. It may also reduce the warnings presented by the RDP client," he points out.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

'Midnight Blizzard' Targets Networks With Signed RDP Files

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

GHSA-pjhx-j53p-c5f5: ThinkPHP deserialization vulnerability

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts espicially those administrating business pages, and spreads further attacks globally.

A new malvertising campaign is exploiting Meta’s advertising platform to spread the **SYS01 infostealer**, a cybersecurity threat known to Meta and particularly Facebook users for stealing their personal information.

What makes this attack targeted is that millions of users globally, specifically men aged 45 and above, are potential victims of this ongoing attack, which cleverly disguises itself as advertisements for popular software, games, and online services.

This campaign, first detected in September 2024, stands out due to its impersonation tactics and popular brands that it exploits. Instead of focusing on a single lure, the attackers mimic a broad range of trusted brands, including productivity tools like Office 365, creative software like Canva and Adobe Photoshop, VPN services like ExpressVPN, streaming platforms like Netflix, messaging apps like Telegram, and even popular video games like Super Mario Bros Wonder.

****How the Attack Works:****

According to Bitdefender’s **blog post** shared with Hackread.com ahead of publishing on Wednesday, the malicious ads often lead to MediaFire links offering direct downloads of seemingly legitimate software. These downloads, packaged as zip archives, contain a malicious Electron application.

Once executed, this application drops and **runs the SYS01 infostealer**, often while displaying a decoy app that mimics the advertised software. This deceptive tactic makes it difficult for victims to realize they’ve been compromised.

For your information, an Electron application is a type of desktop app built with web technologies like HTML, CSS, and JavaScript. Electron is an open-source framework developed by GitHub that allows developers to create cross-platform applications that run on Windows, macOS, and Linux, all from a single codebase.

In this attack however, behind the scenes, the Electron app uses obfuscated Javascript code and a standalone 7zip executable to extract a password-protected archive containing the core malware components. This archive includes PHP scripts responsible for **installing the infostealer** and establishing persistence on the victim’s system. The malware also incorporates anti-sandbox checks to evade detection by security researchers.

****Stealing Data and Hijacking Accounts:****

The primary goal of the SYS01 infostealer is to harvest Facebook credentials, particularly those associated with business accounts. These compromised accounts are then used to further attacks/scams.

What’s worse, the attack also leverages the advertising capabilities of hijacked accounts, allowing attackers to create **new malicious ads** that appear more legitimate and easily bypass security filters. This creates a self-sustaining cycle where stolen accounts are used to spread the malware even further. The stolen credentials are also likely sold on underground marketplaces, further enriching the criminals.

Fake Netflix, Super Mario Bros. Wonder, and other malicious ads are currently being used in the campaign (Via Bitdefender)

****Global Reach and Protection****

While the campaign has a global reach, impacting users in the EU, North America, Australia, and Asia, Bitdefender could not verify the full extent of its impact, especially outside the EU, which remains unclear due to limited data transparency.

Nevertheless, if you are on Facebook—especially if you run a business page—you must watch out for SYS01 Infostealer and **similar threats**. While using common sense is essential, here are some vital steps you should take:

1.  **Monitor your accounts:** Regularly check your Facebook and other social media accounts for suspicious activity. Report any unauthorized access immediately and change your passwords.
2.  **Be wary of ads:** Exercise caution when clicking on ads, especially those offering free downloads or deals that seem too good to be true. Verify the source before downloading any software.
3.  **Stick to official sources:** Download software directly from official websites or trusted app stores. Avoid third-party platforms and file-sharing services.
4.  **Use strong security software:** Install reputable security software and keep it updated. Choose a solution that offers real-time protection and advanced threat detection.
5.  **Enable two-factor authentication (2FA):** Activate 2FA on your Facebook and other important online accounts for added security.

1.  **Fake GTA VI Beta Download Spreads Malware**
2.  **ALPHV Ransomware Uses Google Ads to Target Victims**
3.  **Fake WhatsApp clone steals crypto on Android and Windows**
4.  **Facebook, Meta, Apple, Amazon Most Impersonated in Scams**
5.  **Fake ChatGPT and Facebook Ads Used in DNS Investment Scam**

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

PRESS RELEASE

DALLAS, Oct. 29, 2024 (GLOBE NEWSWIRE) -- MEF, a global consortium of network, cloud, security, and technology providers driving enterprise digital transformation, today announced significant advancements in its MEF 3.0 Secure Access Service Edge (SASE) Certification Program. Technology providers Fortinet and Versa have achieved full SASE certification, while service providers AT&T, BT, Colt, Comcast Business, Console Connect, Liberty Latin America, Lumen, Orange Business, TPG, and Verizon have also earned full SASE certification. Additionally, technology providers Broadcom Inc. and Palo Alto Networks, and service provider Sparkle, are expected to achieve full SASE certification shortly. Organizations that achieve SASE certification through MEF’s rigorous independent program receive a rating on product effectiveness and are listed in MEF’s registry of certified companies. SASE certification is now available to all MEF members.

"As cyber threats continue to escalate in complexity and frequency, enterprises need absolute confidence in their security solutions,” said Nan Chen, Chief Executive Officer, MEF. “MEF's independent SASE certification program provides that assurance, enabling organizations to choose validated solutions that protect their digital assets and support their transformation initiatives."

Validated Security for the Enterprise   
MEF's comprehensive certification program addresses today's critical cybersecurity threats through rigorous testing of SASE, which includes Software-Defined Wide Area Network (SD-WAN), Security Service Edge (SSE), and Zero Trust (ZT) capabilities. The program is delivered in partnership with CyberRatings.org (CRO), a world-class testing laboratory that ensures transparency and confidence in cybersecurity solutions.

Technology providers must successfully complete all three certification modules to achieve full SASE certification. Service providers can achieve certification by integrating MEF-certified technology solutions, ensuring enterprise customers can trust the security and performance of their provider's ecosystem.

"Building secure, high-performing networks is critical to enterprise success,” said Pascal Menezes, Chief Technology Officer, MEF. “By achieving SASE certification, technology and service providers are proving their commitment to delivering reliable, scalable, and secure solutions."

Setting the Standard for Network Security   
The certification program validates compliance with MEF standards, including MEF SD-WAN (MEF 70.1) and industry-first standards for SASE (MEF 117) and Zero Trust (MEF 118). Certified solutions receive detailed ratings displayed in MEF's certification registry, enabling enterprises to make informed decisions about their security investments.

As SASE becomes central to Network-as-a-Service (NaaS) offerings, certified solutions give enterprises confidence in the cybersecurity embedded within their network environments. To help organizations navigate this landscape, MEF recently released its "State of the Industry Report: SASE – Validating Cyber Defense in an Era of Unprecedented Threats."

More information about MEF’s SASE certification program can be found here.

SASE certifications and advancements will be featured at MEF’s Global Network-as-a-Service Event (GNE) from Oct 28–30, 2024, in Dallas, Texas. Visit gne.mef.net.

About MEF  
MEF is a global consortium of service, cloud, cybersecurity, and technology providers collaborating to accelerate enterprise digital transformation. It delivers standards-based frameworks, services, technologies, APIs, and certification programs to enable Network-as-a-Service (NaaS) across an automated ecosystem. MEF is the defining authority for certified Lifecycle Service Orchestration (LSO) business and operational APIs and Carrier Ethernet, SASE, SD-WAN, Zero Trust, and Security Service Edge (SSE) technologies and services. MEF’s Global NaaS Event (GNE) convenes industry leaders building, delivering and consuming the next generation of NaaS solutions. For more information about MEF, visit MEF.net and follow us on LinkedIn, Twitter and YouTube.

Tag

#auth