Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

Government minister Safia Boly outlines efforts to foster entrepreneurship

FDI into Latvia has recovered in recent years as the Baltic state has implemented stricter anti-money laundering procedures. Latvian minister of economics Ralfs Nemiro talks to Alex Irwin-Hunt about the progress made.

Atlantis in South Africa has a new SEZ focused on green manufacturing, which is hoping to turn around the area's fortunes. Annie Hessler reports.

What if the coronavirus lasts until the end of the year? Lawrence Yeo has a bleak forecast.

I am often asked what I see as the biggest potential game-changers in tech — particularly as it relates to social good. Mobile, social, the cloud, and analytics continue to emerge as key themes. However, analytics is emerging as the true game changer — catalyzed by advances in open architecture.

Let me unpack what I mean by "open architecture." Open means that anyone can access it, contribute to it, and innovate on top of it. At Blackbaud, where I serve as chief technology officer, one of our core tenets has been to design an open, cloud-based software and data architecture. We're cultivating a technical community of partners, customers, and engineers (inside and outside of the company) who are innovating in different ways and contributing to this ecosystem.

From this vantage point, I see the way that openness accelerates the velocity of innovation. Looking at it from a different angle, open ecosystems also yield data and analytics that enable everyone who is part of them to gain more insights and intelligence.

This data can power intelligent software solutions, surface actionable events, maintain accurate and current data assets, and generally drive more results for users. In other words, an open cloud-based architecture elevates usage, which in turn generates more and more data and intelligence that make the system even more powerful.

With data, analytics, and intelligence in mind, the following capabilities emerge as candidates to have a great positive impact.

The Internet of Things

Internet of Things (IoT) technology is cheap and accessible and can transform normal household items into network devices that generate data. In my house, the lights, thermostats, appliances, cars, doors, and windows are all connected devices. These connected devices generate data and intelligence (such as trends in usage, optimization of electricity consumption, and so on). Much like a household, there are many IoT possibilities for nonprofits and other players in the social good space to generate valuable, actionable data.

Instrumentation

Instrumentation provides us with the ability to understand what's happening within our software. As Blackbaud ships features and capabilities within solutions, we monitor usage. We do so to understand if our customers can easily discover the new capability (do they use it the first time they log on?) and to determine if our customers find it valuable (is their use ongoing?). This data-driven approach is an extremely effective way of measuring both the quality of the user experience and the overall value of the work we're doing.

We can learn a lot about our customers just by observing what they do. Across the software industry, instrumentation is driving advances in understanding that enable more targeted solutions to users' challenges.

Usage Information

Like instrumentation, usage data enables us to understand the leading indicators that yield the best, most effective outcomes. For example, through usage data, we were able to understand that nonprofits who proactively thank donors within one week of giving have an advantage. They were much more effective at converting those individuals to longer-term supporters and recurring donors.

Predictive Intelligence

Predictive analytics showcase some of the most stunning and innovative applications of data. At Blackbaud, we think of predictive analytics as a kind of "self-driving car." It guides and sometimes fully automates tasks for our users, enabling them to gain much greater results. A few examples of predictive analytics scenarios that we're working on include

• Extending the most compelling message to a specific person at just the right time via the best channel, to keep them engaged, generate a donation, invite them to an event, or simply share a story.
• Intelligently connecting nonprofits, corporations, individuals, foundations, faith-based organizations, schools, and other stakeholders across the ecosystem we serve. That action enables us to more efficiently coordinate efforts and services and drive greater good together.
• Leveraging social information, an understanding of a person's network, geographical context, and other analytics to help connect an advocate with a nonprofit, school, or foundation, in just the right way.

We leverage the correlation of many different, disparate data sources to drive true intelligence and to power new, predictive user experiences across our applications. Our data platform is what powers this intelligence. This platform drives value across our solutions in other ways, including

• Correcting, appending, and de-duplicating data across the system
• Business intelligence and reporting that shows trends in data
• Real-time data pipelines that spark events across the system based on changes to the data

I’ve included only a few examples of technology capabilities we're researching that we believe will have a strong positive impact. The central theme of these capabilities is providing more actionable data and intelligence. Our commitment to delivering a robust, scalable, and flexible data architecture as well as open, cloud-based software enables us to take advantage of this technology. It also enables us to harness these capabilities to drive greater value for the customers we serve.

This blog post was written by Mary Beth Westmoreland.

spanhidden

The Inland Empire, which encompasses 27,000 square miles in Southern California, has one of the highest rates of poverty in the U.S.'s twenty-five largest metropolitan areas. One in five people there live at the poverty level. Smooth Transition, Inc., is a nonprofit educational and vocational training organization that has been working with local at-risk populations since 2009. It aims to provide a gateway towards empowerment, educational, and employment opportunities to lead a fulfilling, prosperous, and purposeful life.

Breaking Harmful Cycles

Smooth Transition began working to reach at-risk teens early — before they dropped out of high school or left the foster care system. It later expanded its program to include all at-risk populations, including displaced adults, as a means to better help the community. Smooth Transition's life skills development and educational training increase levels of employability. Its mentorship helps prevent its clients from re-entering the foster and judicial system or repeating poverty and homelessness cycles.

The nonprofit provides flexible and relevant programs that are accredited through the Western Association of Schools and Colleges. Its programs are directly tied to career pathways and provide students with vocational certifications at little or no cost to them. Graduates have a high completion rate as compared with other programs that serve at-risk populations. But students also come away with significant increases in their perceived self-value and a decrease in perceived barriers to success.

Keeping the Computer Labs Secure

In 2016, Smooth Transition served roughly 2,800 people with just four full-time staff members. Many of its programs are computer-based and require that its computer labs serve multiple uses and multiple users. One of the organization's board members manages its IT needs on a volunteer basis. He recommended Symantec's Norton Small Business, and the organization has been using it on its systems since it was founded.

Symantec's donation of antivirus protection — through TechSoup — has enabled the nonprofit to safely use its computer labs and has increased the number of programs and services it can offer to its students. According to Dr. Robin Goins, president and executive director of Smooth Transition, "The donations we receive are the foundation of our success, and we cannot express enough the generational and community impact the Symantec donations provide us. Smooth Transition is an appreciative recipient of the donations we received from Symantec and we look forward to providing even more impactful community programs as a result."

Goins goes on to describe how Smooth Transition's testing centers are networked, with students taking roughly 250,000 different kinds of exams. She worried that without security in the testing centers, the tests would be disrupted, causing a very serious problem. "If we have things disrupting our classes it costs us money. It also costs students the ability to complete their work. Having viruses attack us would be catastrophic for us."

Goins points out that Norton Small Business also helps protect confidential information. "As a school, we're required to protect the identity of our students and a lot of their demographic information," she said.

Smooth Transition will continue to work throughout the Inland Empire to provide flexible training and resources for those who don't fit the traditional education model. Though it faces many challenges in providing students with real, relevant work tools and skills, its staff is relieved, knowing that its systems and data are protected.

spanhidden

Many nonprofits handle sensitive personal information belonging to community members — whether it's names or email addresses or payment information. But are you handling this data properly to prevent a data breach?

This post is by no means exhaustive — after all, every nonprofit handles different sorts of data, and each organization has different security needs. That said, these are some practical things to think about when you review your handling of sensitive personal information.

#1 Risk: Malware and Software Vulnerabilities

The Problem

This one may seem obvious, but with so many other security risks out there, it's easy to forget that malware still poses a major threat to your organization's data.

How You Can Mitigate It

To start, make sure you have antivirus software installed, and that it's up to date. In addition, you'll want to make sure your operating system and any software installed are also up to date, with all security patches installed.

Beyond that, be careful what you click on. Don't download and install software from sites you don't trust. Be careful of the email attachments and links you click on — even from people you know. If you aren't expecting a file or link, click with caution.

#2 Risk: Ransomware

The Problem

Ransomware is an especially insidious form of malware that holds your computer or data hostage unless you pay a sum of money to a criminal actor. Oftentimes, ransomware will encrypt your data, preventing you from accessing it. And according to Symantec's Director of Security Response Kevin Haley, some forms of ransomware will threaten to publicly release your data.

How You Can Mitigate It

Aside from up-to-date antivirus software and taking steps to avoid infection in the first place, there isn't a ton you can do to deal with a ransomware attack once your data's been encrypted.

In that case, according to Haley, keeping up-to-date backups of your data is your best bet. That way, you'll be able to get back up and running quickly with minimal data loss. (TechSoup offers backup and recovery solutions from Veritas.)

#3 Risk: Public Wi-Fi

The Problem

Public Wi-Fi is generally fine for some things, such as browsing cat videos on YouTube, or catching up on the headlines. However, for anything involving sensitive personal information, it's a security disaster waiting to happen. Bad actors could potentially eavesdrop on what you're doing while using public Wi-Fi, leaving your data and work open to prying eyes.

How You Can Mitigate It

First off, avoid using public, unsecured Wi-Fi when handling sensitive information — whether it's internal organizational data or your own personal banking information. Using a wireless hotspot, like those from Mobile Beacon (offered through TechSoup), instead of public Wi-Fi is an easy way to keep your data more secure.

If you can't avoid public Wi-Fi, a virtual private network (VPN) is a good option — VPNs secure data between your computer and the website you're visiting. Not all VPNs provide the same level of security, though, and you'll need to make sure your VPN of choice conforms to any data security regulations that your organization may be subject to. See our previous overview of VPNs for more.

#4 Risk: Inappropriate Sharing of Sensitive Information

The Problem

Sharing sensitive information via email, messaging apps, or similar means is a risky proposition.

Email is a notoriously insecure method of communication. Email accounts are often the target of data breaches and phishing attacks. (A phishing attack is where an attacker tries to steal your account information by tricking you to enter your account information on a phony login page.)

And whether it's through email or messaging app, it's all too easy to accidentally leak data by sharing it with the wrong person.

How You Can Mitigate It

Avoid sending sensitive information to colleagues via email. It's easier said than done, we know. Maybe you need to share a list of donor contact information with your marketing department, for example. Consider uploading it to a secure file server on your network that can only be accessed by others in the office.

If your organization uses a cloud storage service like Box, consider using that instead — so long as it meets your organization's security needs. These cloud storage services usually encrypt data you upload to prevent it from getting stolen. You may also want to consider using constituent relationship management (CRM) software, a tool designed specifically to store and manage your organization's contacts.

In addition, pay attention to access permissions. If you can, restrict access to sensitive information to only those who need it. Revisit your permissions settings regularly and update them as needed.

To prevent your user accounts from being compromised in the first place, practice good account security hygiene. Use strong passwords and require your staff to use two-factor authentication.

#5 Risk: Handling Credit Card Data

The Problem

A breach involving credit card data can be embarrassing for your organization, but it could wreak financial havoc on your members and supporters. All it takes is for hackers to grab a few pieces of information to rack up credit card debt in your supporters' names.

How You Can Mitigate It

Securing credit card information is important, but you don't have to make it up as you go. Make sure your organization conforms to payment card security standards. The Payment Card Industry Security Standards Council, as well as banks and credit card issuers, provide guidelines on how to best handle credit card information to prevent breaches.

Has your nonprofit recently encountered any other notable risks? Tell us about it in the comments!

spanhidden

(Please visit the site to view this video)

Older adults are at an increased risk of lacking company and being socially isolated. Recent studies prove that a lack of social relationships is as strong a risk factor for mortality as are smoking, obesity, or a lack of physical activity. Enter Little Brothers.

Little Brothers is an effort dedicated to spreading awareness and relieving isolation and loneliness in elders, a problem that often goes unseen. Little Brothers is in 7 U.S. cities and 10 countries worldwide. Its mission is carried out by more than one nonprofit organization.

Little Brothers Friends of the Elderly San Francisco facilitates more than 4,000 friendly visits a year. Volunteers are matched with elders in San Francisco, and they form and build a relationship through home visits, outings, or common interests.

We recently met with Andrew Butler, the program manager at Little Brothers Friends of the Elderly San Francisco. He explained that many volunteers form a relationship with an elder, and their stereotypes about older people are quickly broken down.

"A lot of what we do is creating awareness. I think a lot of the information that we share through training or events really inspires people," said Butler. He also suggested that we speak with a member of Little Brothers Friends of the Elderly San Francisco, Andy Morgan, to get a proper feel for the organization.

Andy Morgan is a highly spiritual 86-year-old who loves to read. Originally from Transylvania, Andy came to San Francisco in 1962 and has worked a variety of jobs throughout his life.

However, he stresses that he has never defined himself by what he did for a living. Aside from books and his spirituality, Andy values personal relationships and enjoys company.

Our conversation with Andy revealed why Little Brothers' impact matters so much.

I wanted to ask if you have any main visitors.

Andy Morgan: Yeah! I have one main visitor come every week. Rain or shine, he comes and sees me. He brings me food from Trader Joe's, and he does my laundry.

Wow, that's a sweet deal. Would you share a particular visit that has stuck with you over the years?

There's nothing that stands out; every visit is enjoyable. What we usually do is grab a spiritual book, you know, all those books over there are on spirituality, and we read from it and then we discuss it. I've been on the spiritual path since the 1960s, so if he has any questions, I can try and clarify.

I was wondering what makes you happy.

What makes me happy? Knowing that my within-ness, that which makes me breathe and which makes me exist, is pure joy and pure love. When you do a lot of meditation, something opens up within you, and I just feel, practically all the time, this feeling of love and joy and peace.

Of course no one can maintain that 24/7, but I can always come back. If something goes wrong, I can just remind myself of my true nature.

That's beautiful. Thank you so much for opening your home to us.

My pleasure; it's been a joy having you guys. Could I just read you one very short poem? It says …

Be as a Flower

Truth is very simple
A flower does not try to be beautiful.
Its True Nature is Beauty.
Just by its Very Being.

In the same way, when you Awaken
To your true nature,
You will naturally exude Love,
Compassion, Beauty.
It is all you.
For it is your True Self.

(poem by Robert Adams)

TechSoup is proud to support our member, Little Brothers Friends of the Elderly San Francisco, in its mission to spread awareness about and help elders at risk of loneliness and isolation. There are incredible people like Andy all over the world who are at risk of being forgotten. But they should never be. TechSoup provides technology and services to Little Brothers staff members to help run their nonprofit so that they can focus on fighting the effects of elder isolation.

spanhidden

4

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

• Keep your operating system current.
• Keep your software up to date, particularly the software you use to browse the Internet.
• Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
• Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
• Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

• Passwords are the first line of defense to protect your personal and financial information.
• A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
• It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
• Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

• Pick a famous quote or saying and use the first letter of each word.
• Add a number that you can remember.
• Capitalize one letter.
• Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
• Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

spanhidden

Twenty-five countries attracted high-ticket investment deals at the Africa Investment Forum

The chief executive of Ras Al Khaimah Economic Zone (RAKEZ), shares his views over the perks of free zones in emerging markets. 

Emerging states must re-orientate their investment efforts to increasingly target those with an outsized social impact

Egypt is well on the way to establishing a diversified economy, claims Hala El Saeed, minister of planning and economic development 

Tanzania's economy is booming and its tourism sector is thriving. However, concerns about the president's strong-arm tactics and delays in the completion of key infrastructure projects are threatening this growth.

Kenya’s cabinet secretary for the national treasury and planning, Ukur Yatani, discusses the country’s agenda of fiscal reforms and the importance of constructing an east-west Africa highway.

The UN Sustainable Development Goals aim to end global poverty, but poorer countries are struggling to hit them. More help from richer countries is crucial, writes Mazdak Rafaty.

Bradford has been rated as the most improved city by the Good Growth for Cities 2019 index, while Oxford remained the highest performing UK city.

The Gulf region is making extensive reforms to its foreign investment landscape in an effort to attract foreign investors to sectors outside oil and gas, according to a recent report by PwC. 

$73.8m mega-project will be the first of its kind in the city.

Escalation in protests across the globe in 2019 are forecast to persist into the new decade, according to Verisk Maplecroft report.

Severe threats to the environment accounted for all of the five most likely long-term risks in the WEF’s Global Risks Report 2020.

Global FDI flows recorded a marginal 1% fall in 2019, but the value of announced greenfield investment projects plummets by 22%.