Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53are vulnerable to content spoofing in multiple parameters.

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.

This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.

Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.

Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/.jsp on the target in order to trigger the payload and obtain a shell.

This tool is a wrapper for the reaver WPS attack toolkit. As there is no automatic way to prescan, decide, and then start the attack, this wrapper takes care of it. Written in perl.

Atlantis in South Africa has a new SEZ focused on green manufacturing, which is hoping to turn around the area's fortunes. Annie Hessler reports.

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Fall has arrived, and with it comes fundraising season. More than one-third of charitable giving happens in the last three months of the year, and the emergence of Giving Tuesday (on November 28 this year) makes the year's end even more critical for charities.

Feeling overwhelmed? Your local NetSquared group is here to help with free, in-person events being held across the U.S. and the globe.

Naples, Florida, is hosting a meetup on tools for effective email fundraising; Chippewa Falls, Wisconsin, is hosting a series of Giving Tuesday brainstorming sessions; and Chicago, Illinois, will explore how your CRM can save end-of-year fundraising plans.

With more than 75 events scheduled for October, there's probably an event scheduled for your community, so RSVP now for one of our meetups.

Join us!

Upcoming Tech4Good Events

This roundup of face-to-face nonprofit tech events includes meetups from NetSquared, NTEN's Tech Clubs, and other awesome organizations. If you're holding monthly events that gather the #nptech community, let me know, and I'll include you in the next community calendar, or apply today to start your own NetSquared group.

Jump to events in North America or go international with events in

• Africa and Middle East
• Asia and Pacific Rim
• Central and South America
• Europe and U.K.

North America

Monday, October 2, 2017

• Vancouver, British Columbia: Photojournalism for Nonprofits and Small Businesses #Storymakers2017

Tuesday, October 3, 2017

• Portland, Oregon
  • Happy Hour with Nonprofit Tech Luminaries
  • NTEN Presents: Oregon Nonprofit Tech Roundup
• Montréal, Québec: Développer une Présence Web Efficace
• Naples, Florida: Tools for Effective Email Communication
• Mason, Ohio: Connecting Nonprofits and Techies in Cincinnati

Wednesday, October 4, 2017

• Pittsburgh, Pennsylvania: Bagels and Bytes — Allegheny
• Baltimore, Maryland: WordPress 101 and Tech Help and Consultations
• San Francisco, California: Code for America Civic Hack Night (Weekly)

Thursday, October 5, 2017

• Calgary, Alberta: Evening on Data Ethics

Friday, October 6, 2017

• Seattle, Washington: King County Executive Director Forum

Monday, October 9, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 10, 2017

• Columbus, Ohio: Nonprofit IT Forum
• Decatur, Illinois: Free and Low-Cost Resources for Nonprofit Software
• Ottawa, Ontario: Review Progress on Data Analysis Projects

Wednesday, October 11, 2017

• Mason, Ohio: Help Create an App for Homeless to Manage Money More Effectively
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Building an Effective Data Culture at Your Nonprofit
• O’Fallon, Missouri: Learn How to Apply for a $10,000 per Month Google AdWords Grant
• Phoenix, Arizona: Website Building 101: Quick and Easy Web Presence for Nonprofits
• Los Angeles, California: Nonprofit Volunteer Management
• Chicago, Illinois: Net Neutrality

Thursday, October 12, 2017

• Chicago, Illinois: It's Never Too Late: How Your CRM Can Save End-of-Year Fundraising
• Seattle, Washington: What You Need to Know About Board Governance

Saturday, October 14, 2017

• Saint Paul, Minnesota: Minnesota Blogger Conference | by Get Social Events, the Social Media Breakfast Folks ($25)

Monday, October 16, 2017

• San Francisco, California: Social Impact in Tech: Panel Discussion with LinkedIn, Lyft, and Salesforce
• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Seattle, Washington: Fall Nonprofit Technology Speed Geek

Tuesday, October 17, 2017

• Buffalo, New York: Essential Data Management
• Orlando, Florida: Tech4Good Orlando October: Search Engine Optimization and Strategy

Wednesday, October 18, 2017

• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Houston, Texas: NetSquared Houston
• Research Triangle Park, North Carolina: Crowdsourcing Change: The Social Web to Nonprofits

Thursday, October 19, 2017

• Monroeville, Pennsylvania: TechNow 2017 Conference
• Sweet Briar, Virginia: Using Data to Reach Your Audience

Friday, October 20, 2017

• West Chester, Ohio: Southwest Ohio Give Camp
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Can Appmaker Help You? A Free Database Tool from Google

Monday, October 23, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Austin, Texas: Engaging the Millennial Donor

Tuesday, October 24, 2017

• Vancouver, British Columbia: How Delivering Webinars Can Benefit Your Mission

Wednesday, October 25, 2017

• Baltimore, Maryland: Salesforce 101 for Nonprofits and Free Tech Help and Guidance
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Seattle, Washington: Recruit, Engage, and Retain a Great Board

Monday, October 30, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 31, 2017

• Seattle, Washington: Bolder and Wiser: Nonprofit Advocacy Rights (Part 2)

Central and South America

Wednesday, October 4, 2017

• Guatemala City, Guatemala: Pechakucha Guatemala — Historias Digitales Vol. 15

Africa and Middle East

Sunday, October 1, 2017

• Cotonou, Benin: L'Utilité des Logiciels de TechSoup dans la Progression d Nos ONG dans le Monde
• Kampala, Uganda: Digital Storytelling for Nonprofits Workshop

Monday, October 2, 2017

• Ouagadougou, Burkina Faso: Monthly Meeting of Local Members

Saturday, October 7, 2017

• Matloding, South Africa: Technology for Rural Development
• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Role of ICT for Farm Management

Wednesday, October 11, 2017

• Bamenda, Cameroon: How to Create Digital Stories

Friday, October 13, 2017

• Katabi, Uganda: Using Social Media Applications for Development
• Pangani, Tanzania: Storymakers Campaign

Saturday, October 14, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Sunday, October 15, 2017

• Cotonou, Benin: Les Logiciels Mis en Don par Techsoup.org pour les ONG et Association au Benin

Saturday, October 21, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Saturday, October 28, 2017

• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Technology for Livelihood Improvement

Asia and Pacific Rim

Tuesday, October 3, 2017

• Taipei, Taiwan: NGO要怎麼搞群眾募資？- 綠盟經驗談

Wednesday, October 4, 2017

• Singapore, Singapore: DataJam!

Tuesday, October 10, 2017

• Wellington, New Zealand: Set Your Email Newsletter on Fire | Net2Welly Oct '17 Meetup

Sunday, October 15, 2017

• Jakarta, Indonesia: Web Hosting

Europe and U.K.

Tuesday, October 3, 2017

• Paris, France: AdWords Express — Grands Débutants

Wednesday, October 4, 2017

• Puidoux, Switzerland: 7ème Journée Pédagogique ESV-SPV (AVMES/AVMD)

Friday, October 6, 2017

• Carouge, Switzerland: 12h de Hackaton pour Afficher les Termes et Conditions, Que Vous Ne Lirez Jamais

Saturday, October 7, 2017

• Genève, Switzerland: LINforum3 Partage Idée, Réflexion, Projet, Startup, Service … Responsables!

Wednesday, October 11, 2017

• Cambridge, United Kingdom: Social Media Surgery — Hands-on Help with Social Media

Thursday, October 12, 2017

• Paris, France: La Data pour Vous Renforcer

Saturday, October 14, 2017

• Pully, Switzerland: Intergen.Digital à Pully

Monday, October 16, 2017

• Birmingham, United Kingdom: Social Media Session

Tuesday, October 17, 2017

• Dublin, Ireland: Smart Cities for Good

Wednesday, October 18, 2017

• Paris, France: Forum National des Associations et des Fondations
• Bordeaux, France: Les Personas pour Optimiser Votre Conversion

Thursday, October 19, 2017

• Bath, United Kingdom: Tech for Good Community Mapping
• Paris, France: Brainstorming, Plans d'Actions sur Internet

Wednesday, October 25, 2017

• Manchester, United Kingdom: Tech for Good: At the BBC
• Paris, France: AdWords – Initiation
• Paudex, Switzerland: RdV4–0.ch: 3. Solutions Informatiques — Cloud — SaaS — Services en Ligne

Thursday, October 26, 2017

• Barcelona, Spain: ¡Relanzamos NetSquared Barcelona! ¡Te Esperamos!
• Paris, France: Analytics — Initiation

Tuesday, October 31, 2017

• Renens, Switzerland: OpenLab: Visite du Fablab de Renens

Left photo: Gregory Munyaneza / NetSquared Rwanda / CC BY

Center photo: Chrispin Okumu / NetSquared Kenya / CC BY

Right photo: Chrispin Okumu / NetSquared Kenya / CC BY

spanhidden

Escalation in protests across the globe in 2019 are forecast to persist into the new decade, according to Verisk Maplecroft report.

India’s 2020 budget continues the process of opening up to overseas investment.

Sustainability is gaining traction in the creative industries, with the Italian region of Trentino designing a film production rating protocol that is being considered by the EU.

London LEP and Thames Valley Berkshire LEP hold on to their respective first and second places in the Local Enterprise Partnership rankings, while Oxfordshire LEP jumps up eight places to third. 

Bangladesh minister for ICT Zunaid Ahmed Palak talks to Jacopo Dettoni about the government’s ambitious Digital Bangladesh programme designed to reach village level. 

Passion Capital's Eileen Burbidge talks to fDi about what fintech companies should consider when expanding internationally, and why London will always be a key market in the sector.

Despite recurrent challenges, Afghanistan’s business environment is improving. Now the authorities are working to persuade investors the rewards are worth the risk through a series of economic and legal reforms. 

German chemical giant BASF has begun construction of its $10bn mega project in southern China, which will be the country’s first wholly foreign-owned chemical complex. 

President Obrador aims to mobilise billions in public and private investment to create an alternative to the Panama Canal along the Tehuantepec corridor. 

Venture capital funding has reached record levels in recent years, enabling start-ups to expand across borders – but their ability to do this depends on their type of business, and where they are founded.