This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.

Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability.

Pisay Online E-Learning System version 1.0 suffers from remote SQL Injection and code execution vulnerabilities.

YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.

NTCrackPipe is a basic local Windows account cracking tool.

NTCrackPipe is a basic local Windows account cracking tool.

Vopium for Android and iPhone leaks various data such as your password by passing it in the clear.

The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.

This is a ruby script that will generate the default WPS PIN for the Arris DG860A providing you know the HFC MAC address.

TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

As champions of National Cyber Security Awareness Month (NCSAM), we're kicking off our first week with a focus on email. Read on for facts and tips on email security from the National Cyber Security Alliance.

Across the world, 269 billion emails are sent every day. It's estimated that the average business user will receive 96 emails per day by 2019 (source: Radicati).

Given our reliance on the medium, it's no surprise that email is one of cybercriminals' favorite methods of attack. According to the National Cyber Security Alliance, 85 percent of U.S. organizations have experienced a phishing attack and 30 percent of people have opened a phishing email.

There are simple steps you can take to ensure that you don't become a victim of a cyberattack. Somewhat like a poker tell, suspicious emails contain hints that the sender isn't who they claim to be.

Watch this video to learn how to spot email scams.

The Facts About Email Scams

• Suspicious emails engage in "spoofing," a type of scam in which attackers impersonate a trustworthy entity to make it more likely that the recipient will open and act on the email.
• Spoofed emails typically employ one of two tactics:
  • Phishing, the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money) for malicious reasons.
  • Spreading malware by getting the user to open malicious email attachments or click on malicious links.

Practical Tips on Spotting Suspicious Emails

• Look carefully at the email and ask yourself the following questions:

• • Do you know or recognize the "from" address or contact's name?
  • Does the message contain incorrect grammar or misspelled words?
  • Does the message ask you to take action on something you didn't request, such as "click on this link to pick the new phone you requested"?

• If the answer to the first is no, or the answer to the second or third above is yes:
  

• • Don't click on links. Instead, hover your cursor over links to determine if the address is unknown, suspicious, or misleading: for example, www.microsoft.com.maliciousdomain.it. Don't open any attachments the email contains.
  • If you suspect a work email is a phishing attack, immediately report it to your IT administrator so they can alert your fellow coworkers of the attempted attack. If it's a personal email, most email service providers provide a mechanism to report that. Check out this example from Gmail.

Additional Cybersecurity Resources

• Want to learn more about cybersecurity and how you can keep your data safe? Read our latest blog post about the Equifax breach.
• Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.
• Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

Image: National Cyber Security Alliance

spanhidden

India’s 2020 budget continues the process of opening up to overseas investment.

Sustainability is gaining traction in the creative industries, with the Italian region of Trentino designing a film production rating protocol that is being considered by the EU.

London LEP and Thames Valley Berkshire LEP hold on to their respective first and second places in the Local Enterprise Partnership rankings, while Oxfordshire LEP jumps up eight places to third. 

Kuwait's National Vision 2035 has economic diversification at its heart. This move from hydrocarbon reliance to other sectors is attracting investor attention, as Wendy Atkins reports.

Passion Capital's Eileen Burbidge talks to fDi about what fintech companies should consider when expanding internationally, and why London will always be a key market in the sector.

Global free zones may be spurring development in less economically developed countries

Despite recurrent challenges, Afghanistan’s business environment is improving. Now the authorities are working to persuade investors the rewards are worth the risk through a series of economic and legal reforms. 

Venture capital funding has reached record levels in recent years, enabling start-ups to expand across borders – but their ability to do this depends on their type of business, and where they are founded.

Here’s the latest wrinkle in the battery boom: National Grid Plc is paying consumers to tap electricity from their power-storage systems.

Miriam Gozalo is an electrification project development manager at BP, one of the largest oil and gas companies in the world. Her work is squarely focused on the energy transition. Read what she has to say about her role working on ultra-fast electric vehicle charging stations in a company that most people associate with drilling rigs and gasoline.

According to a review by the SUN DAY Campaign of data just released by the Federal Energy Regulatory Commission (FERC), within the past month, the agency has dramatically revised its three-year forecast for changes in the U.S. electrical generating capacity mix. Sharp declines are foreseen for fossil fuels and nuclear power while accompanied by even stronger growth in renewable energy (i.e., biomass, geothermal, hydropower, solar, wind) than earlier projected.

Missouri’s smallest investor-owned utility is charting a dramatically different course two years after being acquired by new owners.

Dominion executives said in an interview this week that battery storage has the potential to improve the resiliency of the electrical grid

The four proposed central Virginia lithium-ion projects will cost about $33 million to build and offer 5-years’ worth of test data, according to Dominion.

This week Aman, Jordan-based Philadelphia Solar announced that the 8.2-MW solar PV project that it installed at the Abdali Medical Center in Jordan has entered commercial operation.

In recognition of the widely acknowledged studies that show that organizations with gender equality perform better financially, this year POWERGEN International, along with partner UL, is launching a new awards program that seeks out women of good character.