WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.

Lithuania's Go Vilnius has been named fDi’s IPA of the Year for 2019, and organisations from across the globe are commended for their investment promotion and economic development activities. 

TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

The Inland Empire, which encompasses 27,000 square miles in Southern California, has one of the highest rates of poverty in the U.S.'s twenty-five largest metropolitan areas. One in five people there live at the poverty level. Smooth Transition, Inc., is a nonprofit educational and vocational training organization that has been working with local at-risk populations since 2009. It aims to provide a gateway towards empowerment, educational, and employment opportunities to lead a fulfilling, prosperous, and purposeful life.

Breaking Harmful Cycles

Smooth Transition began working to reach at-risk teens early — before they dropped out of high school or left the foster care system. It later expanded its program to include all at-risk populations, including displaced adults, as a means to better help the community. Smooth Transition's life skills development and educational training increase levels of employability. Its mentorship helps prevent its clients from re-entering the foster and judicial system or repeating poverty and homelessness cycles.

The nonprofit provides flexible and relevant programs that are accredited through the Western Association of Schools and Colleges. Its programs are directly tied to career pathways and provide students with vocational certifications at little or no cost to them. Graduates have a high completion rate as compared with other programs that serve at-risk populations. But students also come away with significant increases in their perceived self-value and a decrease in perceived barriers to success.

Keeping the Computer Labs Secure

In 2016, Smooth Transition served roughly 2,800 people with just four full-time staff members. Many of its programs are computer-based and require that its computer labs serve multiple uses and multiple users. One of the organization's board members manages its IT needs on a volunteer basis. He recommended Symantec's Norton Small Business, and the organization has been using it on its systems since it was founded.

Symantec's donation of antivirus protection — through TechSoup — has enabled the nonprofit to safely use its computer labs and has increased the number of programs and services it can offer to its students. According to Dr. Robin Goins, president and executive director of Smooth Transition, "The donations we receive are the foundation of our success, and we cannot express enough the generational and community impact the Symantec donations provide us. Smooth Transition is an appreciative recipient of the donations we received from Symantec and we look forward to providing even more impactful community programs as a result."

Goins goes on to describe how Smooth Transition's testing centers are networked, with students taking roughly 250,000 different kinds of exams. She worried that without security in the testing centers, the tests would be disrupted, causing a very serious problem. "If we have things disrupting our classes it costs us money. It also costs students the ability to complete their work. Having viruses attack us would be catastrophic for us."

Goins points out that Norton Small Business also helps protect confidential information. "As a school, we're required to protect the identity of our students and a lot of their demographic information," she said.

Smooth Transition will continue to work throughout the Inland Empire to provide flexible training and resources for those who don't fit the traditional education model. Though it faces many challenges in providing students with real, relevant work tools and skills, its staff is relieved, knowing that its systems and data are protected.

spanhidden

4

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

• Keep your operating system current.
• Keep your software up to date, particularly the software you use to browse the Internet.
• Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
• Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
• Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

• Passwords are the first line of defense to protect your personal and financial information.
• A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
• It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
• Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

• Pick a famous quote or saying and use the first letter of each word.
• Add a number that you can remember.
• Capitalize one letter.
• Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
• Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

spanhidden

The EU is considering a broader mandate for the EBRD, and its president, Sir Suma Chakrabarti, believes its model would work in sub-Saharan Africa.

Bradford has been rated as the most improved city by the Good Growth for Cities 2019 index, while Oxford remained the highest performing UK city.

The UK’s prime minister has pledged to rebalance the UK economy away from a dominant London. However, this might require greater incentives for foreign investment in the regions outside of the capital, which are underperforming. 

London LEP and Thames Valley Berkshire LEP hold on to their respective first and second places in the Local Enterprise Partnership rankings, while Oxfordshire LEP jumps up eight places to third. 

Foreign investment into Serbia is growing at a healthy pace thanks to its attractive automotive manufacturing industry and highly regarded free zones.

The global pharmaceutical sector has seen consistent growth since 2014, with western Europe a major beneficiary.

Tesla's decision part of broader trend of investment into Germany at UK's expense.

Despite recurrent challenges, Afghanistan’s business environment is improving. Now the authorities are working to persuade investors the rewards are worth the risk through a series of economic and legal reforms. 

Sino-European foreign direct investment is converging, according to data from fDi Markets.

While governments grow more protectionist over trade and physical borders, companies such as Microsoft are bridging the gap by funding international collaborative enterprises.

The European Bank for Reconstruction and Development has attracted praise for launching a climate-resilience bond to help finance environmental projects.

Figures show 2018 was India’s best year for manufacturing FDI in seven years.

A sparsely populated Chinese province that’s home to the headwaters of the Yangtze and Yellow rivers is attempting to set a new record for clean energy use, serving as a test bed for the entire country.

The U.S. Environmental Protection Agency (EPA) has issued the Affordable Clean Energy (ACE) rule and simultaneously repealed the Clean Power Plan (CPP).

Last week, the New Jersey Board of Public Utilities announced it selected Ocean Wind, an offshore wind energy project proposed by Ørsted with support from PSEG, to develop an 1,100 MW offshore wind farm. Ocean Wind will be located 15 miles off the coast of Atlantic City. Construction is expected to commence in the early 2020s, with the wind farm operational in 2024.

It may be safe for a bird to land on a wire, but not on two of them at once.

A 138 MW windfarm in Turkey is to be powered by 27 turbines from GE Renewable Energy.

The American Wind Energy Association (AWEA) has released data for Q2, indicating activity rose to new heights in the wind development sector.

California, long a progressive leader on renewable energy and climate change mitigation, has neglected a key market segment for renewable energy: the “community-scale,” or “wholesale distributed generation” (DG), market. This market segment is defined as projects below 20 megawatts that connect to the distribution grid and export power to the grid for sale.

A new battery made from affordable and durable materials generates energy from places where salt and fresh waters mingle. The technology could make coastal wastewater treatment plants energy-independent and carbon neutral.

Freyr AS, a startup planning to build one of Europe’s first battery gigafactories in Norway, has a bigger vision for the region: a “Nordic Battery Belt.”

The U.S. land-based wind industry installed 7,588 MW of capacity last year, bringing the overall utility-scale total to more than 96 GW. 

This week Aman, Jordan-based Philadelphia Solar announced that the 8.2-MW solar PV project that it installed at the Abdali Medical Center in Jordan has entered commercial operation.

In recognition of the widely acknowledged studies that show that organizations with gender equality perform better financially, this year POWERGEN International, along with partner UL, is launching a new awards program that seeks out women of good character.

Instead of a wall, build a first-of-its-kind energy park that spans the 1,954 miles of the border between the United States and Mexico to bring energy, water, jobs and border security to the region.

RenewableUK highlighted last week that Great Britain’s onshore and offshore wind farms generated more electricity than any other source of power last week.

Idaho Power unveiled a goal Tuesday to provide 100-percent clean energy by 2045 on the heels of an announcement that it will purchase 120-MW of solar energy through a PPA with Jackpot Holdings at a price of less than US $0.022 cents per kWh.

ComEd sees a significant role for energy storage on Illinois’ electric grid as the state works toward realizing its ambitious renewable goals.

Today, IREC proudly joins the collective voice of advocates and industry celebrating a milestone we have worked for 37 years to witness: two million solar installations now in the U.S. What better timing than in a year when children and governors, presidential candidates and corporate CEOs are all making headlines about the urgency of climate change action.

The U.S. Environmental Protection Agency (EPA) has issued the Affordable Clean Energy (ACE) rule and simultaneously repealed the Clean Power Plan (CPP).

In recognition of the widely acknowledged studies that show that organizations with gender equality perform better financially, this year POWERGEN International, along with partner UL, is launching a new awards program that seeks out women of good character.

Three-row crossover SUVs are having their day in the sun. These family haulers provide the spaciousness and safety of a minivan with the style and performance of something less...egg-shaped. Two of the bestselling three-row SUVs, the 2020 Honda Pilot and 2020 Ford Explorer, go about their family business a bit differently. What the Pilot lacks in...