(Please visit the site to view this video)

What does it take to make a city greener? In San Francisco, it took a small group of motivated people to come together to create a nonprofit. After the city cut funding for urban forestry 36 years ago, seven individuals decided to take matters into their own hands. They created a nonprofit, Friends of the Urban Forest (FUF).

Starting with a Small Budget, FUF Plants Nearly Half San Francisco's Street Trees

The organization started off with just a small budget from a leftover city grant. Then it used grassroots efforts to rally neighborhoods throughout the city around urban trees. By empowering and supporting communities and homeowners to plant and care for their own trees, FUF has successfully planted 60,000 of the 125,000 trees in San Francisco. The group eventually even worked with the city to create San Francisco's first ever Urban Forest Plan.

FUF Harnesses the Power of Many Volunteers to Plant and Advocate for Trees

FUF is a member of TechSoup, and TechSoup's staffers were very excited to reach out for an interview to hear more about the group's impact. My team joined FUF early on a Saturday morning for its volunteer tree planting event in the Portola neighborhood, a part of the city that is lacking street trees. It was cold even by San Francisco standards, but there was an impressive turnout of volunteers present and ready to plant.

The executive director of FUF, Dan Flanagan, joined us and told us about his work. "We get to get out in the city and make it greener. We advocate for trees; I always call ourselves the Lorax of San Francisco. We are the only organization in San Francisco that is speaking for the trees."

FUF Gets the Chance to Plant Even More Trees … in Neighborhoods That Really Need Them

Dan was excited about a recent accomplishment for the organization. San Francisco just passed Proposition E, which opens up major opportunities for the nonprofit. As he said, "It changes the responsibility from street trees and sidewalks away from the homeowners and to the city. As a result, homeowners are no longer responsible, and now we actually get a chance to make the city more green than ever before by planting more trees in neighborhoods that couldn't afford it before."

This policy makes the city responsible for maintenance, but it will still require FUF to continue its work of planting the trees. FUF hopes to plant 1,700 trees this year and ultimately hopes to plant 3,000 trees every year.

FUF Puts Technology from TechSoup to Work

I was curious to find out how FUF was using technology to further its mission. Jason Boyce, individual gifts manager, said: "Here at Friends of the Urban Forest, a lot of our field staff tend to be out in the field all day; technology really needs to be out of the way to allow us to plant. So, as a result, the relationships we build with our community tend to be stronger because we use technology to enable our work, but it doesn't get in the way of our work."

Jason explained, "We have been working with ArcMap for years, ... GIS software that TechSoup has provided for us. We use it to plant trees, to figure out where we are going to plant. When we do our plantings, we actually dole out the maps that our volunteers use to do the plantings, and all that comes through ArcMap. We use Adobe Acrobat to put together our tree manuals for our new tree owners and volunteer manuals. We use AutoCAD to put together the permit drawings for our sidewalk gardens. Technology plays a really important role in doing our plantings and making San Francisco more green."

FUF Partners with the City to Calculate the Environmental Benefits of Trees

Jason also recently worked with the city on the Urban Forest Map, which is an interactive online map that tracks every tree in San Francisco. The map helps calculate the environmental benefits the trees provide, including stormwater mitigation, air pollutants captured, and carbon dioxide removed from the atmosphere. This platform has increased the visibility of the city's urban forest.

As Jason said, "We are now at the forefront of cities worldwide that are building software to manage their urban forests. … [This] really gives a lot of benefit to the people living in San Francisco."

TechSoup is proud to support organizations like Friends of the Urban Forest by enabling them with the technology they need. That support gives them more time to focus on their impact, like planting trees, or to build the communities that help them thrive.

spanhidden

In this age of increasing hacks and cybercrime, the Norman Rockwell Museum has a lot of digital assets, museum operations data, and private patron data that need to be protected. Find out why Frank Kennedy, IT manager at the Rockwell museum, chose Veritas Backup Exec to be a key part of the museum's security strategy.

About the Museum

Norman Rockwell is one of the great iconic painters and illustrators of American life in the 20th century. His hundreds of covers for the Saturday Evening Post magazine alone are a national treasure. The Norman Rockwell Museum is located in Stockbridge, Massachusetts, where Rockwell spent the last part of his celebrated life. The museum started two years before Rockwell's death in 1978 and houses over 100,000 of his works and also those of other illustrators.

The museum now has 140,000 annual visitors, and 220,000 people view its traveling exhibitions each year. It also has an active website with more than 600,000 worldwide unique visitors per year.

The Museum's IT System

IT Manager Frank Kennedy is an IT department of one (plus an occasional contractor). He supports 90 staff and volunteers and is responsible for critical information security and data protection for the museum.

The museum's IT network consists of several large physical servers and many single-purpose virtual machines. The single-purpose virtual machines allow for emergency service without disrupting other departments.

Frank says, "Most of our enterprise software is procured via TechSoup, which makes it affordable to license so many servers! We do not have to make do with weak, low-budget software."

Digital Assets: Preserving Art over the Long Term

Frank Kennedy explains that digital assets are of increasing importance in the work of museums. There are high-resolution images or copies of art works that must be carefully stored to preserve work in its best condition. He says that digital versions are often irreplaceable, as when the original object is disintegrating or would be damaged by further handling.

The digital versions keep a faithful record of the art in its best state. The most sensitive objects of this museum include a collection of Rockwell's cellulose nitrate film negatives, which deteriorate over time.

The museum also has analog audio and video tape and motion picture film that deteriorates, as well as works on paper that degrade with exposure to light. Other crucial data for the museum includes databases for collection management, point of sale records, donor management, and email.

Frank's backup system is designed to be redundant on purpose. He says, "Protecting this data means keeping many copies in many places. Doing so becomes a big challenge when the size of the data becomes several terabytes. I use many layers of redundancy."

The Backup Crisis

As the museum's data got bigger and bigger, and server patches piled on, the museum's previous backup solution eventually became unstable. Frank reports that his backups were failing constantly and causing him stress in his careful, risk-based management approach. When he first went to get a new backup solution from TechSoup, he discovered that what he needed was not available.

He says, "The cost for the options I use would have been over $4,000 per year, unbudgeted. TechSoup responded to users' desperate cry and worked with Veritas to bring Backup Exec back to TechSoup! I can't even describe my relief. Veritas Backup Exec is better than ever. It is so stable that I get suspicious and have to go look just to be sure it's really working!"

Why the Norman Rockwell Museum Chose Backup Exec over Other Options

Frank told me that the license he gets from TechSoup includes every option his museum needs. These options and features include

• Exchange Server backup
• Unlimited media server backups
• Unlimited agents for specific applications like VMware, Windows, Linux, and so on
• Simplified disaster recovery
• Protection against accidental deletion, damage, or overwriting
• Storing backups to disk, network share, tape (any type), or cloud — or all four at once
• Virtual machine snapshots that are viewable directly from the host's agent
• A deduplication engine so backed-up data is as clean as possible
• Backup retention periods that can be defined per job and per media server
• An excellent graphical user interface
• The status of every backed-up resource available at a glance
• Sending an email to the admin when anything goes wrong
• Running several jobs simultaneously (depending on server horsepower)

Advice for Museums and Other Organizations Considering Veritas Backup Exec

• Backup Exec is powerful software geared toward backing up an entire network. It requires some study to do the installation and learn the software.
• You don't get phone support with the charity licensing, so you need to be comfortable Googling for answers and working in the Veritas community support forum.
• Frank recommends dedicating a strong server for running the software. He likes eight cores and 32 GB of RAM; hot-swappable, hot-growable RAID-5; fast network connectivity; and a very large uninterruptible power supply (UPS).
• Avoid the temptation to install other services or applications on what seems to be a machine that is often idle.

In a Nutshell

Frank's experience is that "Veritas Backup Exec is the best, most reliable, most flexible, and versatile backup software you can get. Commit the needed resources to operate it, and you will be rewarded with peace of mind and business continuity. Your donors will be pleased that you are protecting their investment so carefully."

Image: Norman Rockwell Museum / All rights reserved / Used with permission

spanhidden

Eighty-one percent of Americans have social media accounts, and that number is expected to grow each year. Nearly all brands have a social presence, and libraries are no different. Libraries are using social platforms now more than ever before.

The New York Public Library has 2.2 million followers on Twitter, more followers than the celebrity Kathy Griffin. Social media is playing a significant role in helping libraries stay relevant in our ever-growing digital society.

TechSoup recently teamed up with WebJunction to find out the details on how libraries are using social media. We wanted to know how often libraries are using platforms and what some of their biggest challenges are. We surveyed 311 libraries throughout the country and found out some interesting things.

In our survey, we found that 55 percent of respondents serve fewer than 25,000 patrons, so nearly half of the respondents were smaller libraries, probably mostly in rural areas. We found that libraries are using social, and they are eager to grow their channels.

More than half (55.7 percent) of libraries spend less than 5 hours per week on social media, and 28 percent spend only 6 to 10 hours a week.

Libraries use Facebook more than any other social platform. Twitter is the next most popular platform, and then Instagram.

Forty-four percent of libraries post daily on Facebook, and 25 percent also post daily on Twitter.

Libraries are using social media to share events and pictures, educate people about services, highlight their collections, and support other libraries.

Growing followers and finding staff support are some of libraries' biggest social media challenges.

Learn How to Grow Your Library's Social Media Channels with Our WebJunction Webinars

Registration is now open for the Social Media and Libraries Webinar Series, hosted by WebJunction and TechSoup for Libraries in collaboration. We'll help you build a social media strategy, including how to select platforms that work with different types of library content to create brand awareness, increase traffic, and meet community goals. This series will highlight social media best practices to keep patrons and library staff engaged, develop measurable goals, and cultivate new readers and learners in your community.

On October 24, join us to learn how libraries can effectively use social media tools, even with limited staff and time. Learn how to identify the appropriate social media platforms to market library services and events, and how to integrate best social media practices in your library's marketing plan. We'll help you build a foundation for your social media strategy and provide practical ideas and tactics for immediate use in your library.

Register for October 24

On November 30, join us to learn all about social media analytics. Now that you are using social media to engage with your community, how do you know if it's working? If you don't know where to start when planning your social media metrics, join us to learn the best methods to measure your library's social media outcomes. During this event, you will learn how to establish measurable goals, identify key performance indicators (KPIs), and evaluate your social media results

Register for November 30

On December 19, join us to learn how to take the next steps toward amplifying your library's social media program. During this third webinar in our social media series, we'll discuss best practices in growing your library's social media program and managing user engagement. You'll learn tips on assessing the members of your library's audience based on their preferred platforms, and ideas for converting your in-person library community into an online community.

Register for December 19

How Is Your Library Using Social Media?

Our survey is still going on! Take our survey and tell us how your library is using social media.

spanhidden

Many nonprofits handle sensitive personal information belonging to community members — whether it's names or email addresses or payment information. But are you handling this data properly to prevent a data breach?

This post is by no means exhaustive — after all, every nonprofit handles different sorts of data, and each organization has different security needs. That said, these are some practical things to think about when you review your handling of sensitive personal information.

#1 Risk: Malware and Software Vulnerabilities

The Problem

This one may seem obvious, but with so many other security risks out there, it's easy to forget that malware still poses a major threat to your organization's data.

How You Can Mitigate It

To start, make sure you have antivirus software installed, and that it's up to date. In addition, you'll want to make sure your operating system and any software installed are also up to date, with all security patches installed.

Beyond that, be careful what you click on. Don't download and install software from sites you don't trust. Be careful of the email attachments and links you click on — even from people you know. If you aren't expecting a file or link, click with caution.

#2 Risk: Ransomware

The Problem

Ransomware is an especially insidious form of malware that holds your computer or data hostage unless you pay a sum of money to a criminal actor. Oftentimes, ransomware will encrypt your data, preventing you from accessing it. And according to Symantec's Director of Security Response Kevin Haley, some forms of ransomware will threaten to publicly release your data.

How You Can Mitigate It

Aside from up-to-date antivirus software and taking steps to avoid infection in the first place, there isn't a ton you can do to deal with a ransomware attack once your data's been encrypted.

In that case, according to Haley, keeping up-to-date backups of your data is your best bet. That way, you'll be able to get back up and running quickly with minimal data loss. (TechSoup offers backup and recovery solutions from Veritas.)

#3 Risk: Public Wi-Fi

The Problem

Public Wi-Fi is generally fine for some things, such as browsing cat videos on YouTube, or catching up on the headlines. However, for anything involving sensitive personal information, it's a security disaster waiting to happen. Bad actors could potentially eavesdrop on what you're doing while using public Wi-Fi, leaving your data and work open to prying eyes.

How You Can Mitigate It

First off, avoid using public, unsecured Wi-Fi when handling sensitive information — whether it's internal organizational data or your own personal banking information. Using a wireless hotspot, like those from Mobile Beacon (offered through TechSoup), instead of public Wi-Fi is an easy way to keep your data more secure.

If you can't avoid public Wi-Fi, a virtual private network (VPN) is a good option — VPNs secure data between your computer and the website you're visiting. Not all VPNs provide the same level of security, though, and you'll need to make sure your VPN of choice conforms to any data security regulations that your organization may be subject to. See our previous overview of VPNs for more.

#4 Risk: Inappropriate Sharing of Sensitive Information

The Problem

Sharing sensitive information via email, messaging apps, or similar means is a risky proposition.

Email is a notoriously insecure method of communication. Email accounts are often the target of data breaches and phishing attacks. (A phishing attack is where an attacker tries to steal your account information by tricking you to enter your account information on a phony login page.)

And whether it's through email or messaging app, it's all too easy to accidentally leak data by sharing it with the wrong person.

How You Can Mitigate It

Avoid sending sensitive information to colleagues via email. It's easier said than done, we know. Maybe you need to share a list of donor contact information with your marketing department, for example. Consider uploading it to a secure file server on your network that can only be accessed by others in the office.

If your organization uses a cloud storage service like Box, consider using that instead — so long as it meets your organization's security needs. These cloud storage services usually encrypt data you upload to prevent it from getting stolen. You may also want to consider using constituent relationship management (CRM) software, a tool designed specifically to store and manage your organization's contacts.

In addition, pay attention to access permissions. If you can, restrict access to sensitive information to only those who need it. Revisit your permissions settings regularly and update them as needed.

To prevent your user accounts from being compromised in the first place, practice good account security hygiene. Use strong passwords and require your staff to use two-factor authentication.

#5 Risk: Handling Credit Card Data

The Problem

A breach involving credit card data can be embarrassing for your organization, but it could wreak financial havoc on your members and supporters. All it takes is for hackers to grab a few pieces of information to rack up credit card debt in your supporters' names.

How You Can Mitigate It

Securing credit card information is important, but you don't have to make it up as you go. Make sure your organization conforms to payment card security standards. The Payment Card Industry Security Standards Council, as well as banks and credit card issuers, provide guidelines on how to best handle credit card information to prevent breaches.

Has your nonprofit recently encountered any other notable risks? Tell us about it in the comments!

spanhidden

Computer and network security is an ever-evolving field. As technology advances, cybercriminals find new ways to exploit vulnerabilities in order to get at your personal, financial, or organizational data. We recently spoke with Symantec's Director of Security Response Kevin Haley to get an idea of what threats you'll face in the next year or two.

In short, expect a continuation of common threats like ransomware, as well as the emergence of new threats from connected devices and the so-called Internet of Things. Plus, keep an eye out for the resurgence of an old threat made new.

Ransomware with a Twist

Ransomware — malicious software that locks your data or otherwise compromises your computer in an attempt to extort money — is not a new threat. It's been around for a number of years in various forms. But according to Haley, a new form of ransomware doesn't just lock your files; instead, it threatens to publicly release your data unless you pay up.

For many individuals, this may simply mean an embarrassing leakage of personal data — browser history, emails, photos, and so on. For a nonprofit, especially one that deals with sensitive sociopolitical issues, the possibility of data leakage can have more serious ramifications. It could pose a threat to the community you serve.

Email That Looks Like It Came from a Co-worker

In traditional phishing attempts, scammers create an email that appears to be from a legitimate source — say, Google, Amazon, or Apple. Then they attempt to steal account information, such as usernames and passwords. But in an emerging form of phishing, hackers may use emails purportedly from co-workers or business associates to try to steal information from your organization.

For example, Haley says, you may receive an email from a vendor or a colleague asking for specific pieces of information (such as tax forms) or for money outright. The only problem is that these emails originate from scammers, not your colleagues. And once you email an important piece of information to these impersonators, there's no way to get it back.

With proper data handling, though, you can avoid these sorts of nightmares. See our recent post, 5 Data Security Risks for Nonprofits (and How to Fix Them), to learn more.

The Internet of Things Can Make People Vulnerable

From smart locks to Internet-connected appliances, the Internet of Things promises to change the way we interact with all sorts of items within our homes and offices. But with this comes the potential for security headaches.

According to Haley, these "smart" devices are rarely protected properly, and are easy to infect with malware. And this isn't just an issue that may cause problems some years down the line. Last year, as CNET reported, a network of malware-infected DVRs and webcams overloaded a number of popular websites and online services, temporarily knocking them offline.

Word Macro Viruses Make a Comeback

Perhaps the most surprising threat Haley warned about was the revival of Word macro viruses.

Macro viruses use Microsoft Word's macro programming feature — typically used to automate certain tasks within Word — to infect your computer. Macro viruses have been around for many, many years. And Word disables macros by default: If you open a Word document with a macro, you'll have to click a button to tell Word to turn on any macros within that document.

With this new wave of macro viruses, however, criminals employ social engineering trickery to goad you into turning on macros, allowing the macro virus to do its thing.

Fortunately, you can easily protect yourself from getting infected. First, don't open file attachments from people you don't know. If you receive a Word document with macros from someone you do know, confirm with that person to make sure that they intended to send the macros and that they are safe to run.

As Always, Vigilance Is Key

Although specific threats may evolve over time, good security practices never go out of style. Use a security software package and keep it updated. Enforce good account security practices within your organization.

Don't open file attachments from people you don't know, and don't open unexpected file downloads. Secure all your devices as best you can. And if something seems fishy — perhaps that email from your boss doesn't seem quite right — don't be afraid to question it.

By taking small steps like these, you might save yourself — and your organization — some serious pain.

spanhidden

4

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

• Keep your operating system current.
• Keep your software up to date, particularly the software you use to browse the Internet.
• Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
• Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
• Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

• Passwords are the first line of defense to protect your personal and financial information.
• A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
• It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
• Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

• Pick a famous quote or saying and use the first letter of each word.
• Add a number that you can remember.
• Capitalize one letter.
• Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
• Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

spanhidden

Twenty-five countries attracted high-ticket investment deals at the Africa Investment Forum

Ubuntu Security Notice 4335-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4336-1 - It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 4337-1 - It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. Various other issues were also addressed.

Ubuntu Security Notice 4338-1 - Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 4339-1 - Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Various other issues were also addressed.

Ubuntu Security Notice 4332-2 - USN-4332-1 fixed vulnerabilities in File Roller. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice 4340-1 - It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4338-2 - USN-4338-1 fixed vulnerabilities in re2c. This update provides the corresponding update for Ubuntu 20.04 LTS. Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 4341-1 - Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4342-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4343-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice 4344-1 - It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4345-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4346-1 - It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4341-3 - USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4348-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4341-2 - USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4333-2 - USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.

Ubuntu Security Notice 4350-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Ubuntu Security Notice 4330-2 - USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.

Ubuntu Security Notice 4351-1 - Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information.

Ubuntu Security Notice 4352-1 - It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

Ubuntu Security Notice 4352-2 - USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Various other issues were also addressed.

The Gulf region is making extensive reforms to its foreign investment landscape in an effort to attract foreign investors to sectors outside oil and gas, according to a recent report by PwC. 

$73.8m mega-project will be the first of its kind in the city.

Announced greenfield projects into China plummeted in early 2020 with the US and Europe taking the lion's share of global foreign investment. 

Serbia’s minister of finance, Siniša Mali, explains why the country is one of Europe's economic stars, and how its FDI levels have risen on the back of this.

London LEP and Thames Valley Berkshire LEP hold on to their respective first and second places in the Local Enterprise Partnership rankings, while Oxfordshire LEP jumps up eight places to third. 

Foreign investment into Serbia is growing at a healthy pace thanks to its attractive automotive manufacturing industry and highly regarded free zones.

Serbia’s technology cluster is gaining momentum and attracting FDI, for both its software and hardware expertise.

Serbia’s 15 free zones are driving forward an ongoing flurry of foreign investment in the country’s buoyant manufacturing scene, especially in automotives.