iFileExplorer Free Directory Traversal

iFileExplorer Free for iPod Touch / iPhone version 2.8 suffers from a remote directory traversal vulnerability.




Checkview 1.1 For iPhone / iPod Touch Directory Traversal

Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.




iPhone/iPad Phone Drive 1.1.1 Directory Traversal

iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.




Packet Storm Exploit 2013-0903-1 - Apple Safari Heap Buffer Overflow

A heap memory buffer overflow vulnerability exists within WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is JavaScript code that shows how to use it to corrupt internal JS objects (Uint32Array, etc.) and achieve subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.




Packet Storm Advisory 2013-0903-1 - Apple Safari Heap Buffer Overflow

A heap memory buffer overflow vulnerability exists within WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts a user-defined JavaScript comparison function and calls it from native code to compare array items. If this compare function reduces the array length, the trailing array items are written outside the "m_storage->m_vector[]" buffer, which leads to heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.




iPhone iMessage Malformed Message Bricking

An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with the key IMExtensionPayloadLocalizedDescriptionTextKey whose value is not an NSString.




iOS Messaging Tools

This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.




Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/.jsp on the target in order to trigger the payload and obtain a shell.




Canonical GitHub Account Hacked, Ubuntu Source Code Safe




Thousands Of Servers Infected With Lilocked Ransomware




Zen Load Balancer 3.10.1 Directory Traversal

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists because index.cgi does not properly handle the filelog= parameter, which allows a malicious actor to load arbitrary file paths.







Iranian Internet Attacked Saturday, Knocked Partially Offline




Nonprofit Harnesses Tech to Plant Tens of Thousands of Trees

What does it take to make a city greener? In San Francisco, it took a small group of motivated people to come together to create a nonprofit. After the city cut funding for urban forestry 36 years ago, seven individuals decided to take matters into their own hands. They created a nonprofit, Friends of the Urban Forest (FUF).

Starting with a Small Budget, FUF Plants Nearly Half San Francisco's Street Trees

The organization started off with just a small budget from a leftover city grant. Then it used grassroots efforts to rally neighborhoods throughout the city around urban trees. By empowering and supporting communities and homeowners to plant and care for their own trees, FUF has successfully planted 60,000 of the 125,000 trees in San Francisco. The group eventually even worked with the city to create San Francisco's first ever Urban Forest Plan.

FUF Harnesses the Power of Many Volunteers to Plant and Advocate for Trees

FUF is a member of TechSoup, and TechSoup's staffers were very excited to reach out for an interview to hear more about the group's impact. My team joined FUF early on a Saturday morning for its volunteer tree planting event in the Portola neighborhood, a part of the city that is lacking street trees. It was cold even by San Francisco standards, but there was an impressive turnout of volunteers present and ready to plant.

The executive director of FUF, Dan Flanagan, joined us and told us about his work. "We get to get out in the city and make it greener. We advocate for trees; I always call ourselves the Lorax of San Francisco. We are the only organization in San Francisco that is speaking for the trees."

FUF Gets the Chance to Plant Even More Trees … in Neighborhoods That Really Need Them

Dan was excited about a recent accomplishment for the organization. San Francisco just passed Proposition E, which opens up major opportunities for the nonprofit. As he said, "It changes the responsibility from street trees and sidewalks away from the homeowners and to the city. As a result, homeowners are no longer responsible, and now we actually get a chance to make the city more green than ever before by planting more trees in neighborhoods that couldn't afford it before."

This policy makes the city responsible for maintenance, but it will still require FUF to continue its work of planting the trees. FUF hopes to plant 1,700 trees this year and ultimately hopes to plant 3,000 trees every year.

FUF Puts Technology from TechSoup to Work

I was curious to find out how FUF was using technology to further its mission. Jason Boyce, individual gifts manager, said: "Here at Friends of the Urban Forest, a lot of our field staff tend to be out in the field all day; technology really needs to be out of the way to allow us to plant. So, as a result, the relationships we build with our community tend to be stronger because we use technology to enable our work, but it doesn't get in the way of our work."

Jason explained, "We have been working with ArcMap for years, ... GIS software that TechSoup has provided for us. We use it to plant trees, to figure out where we are going to plant. When we do our plantings, we actually dole out the maps that our volunteers use to do the plantings, and all that comes through ArcMap. We use Adobe Acrobat to put together our tree manuals for our new tree owners and volunteer manuals. We use AutoCAD to put together the permit drawings for our sidewalk gardens. Technology plays a really important role in doing our plantings and making San Francisco more green."

FUF Partners with the City to Calculate the Environmental Benefits of Trees

Jason also recently worked with the city on the Urban Forest Map, which is an interactive online map that tracks every tree in San Francisco. The map helps calculate the environmental benefits the trees provide, including stormwater mitigation, air pollutants captured, and carbon dioxide removed from the atmosphere. This platform has increased the visibility of the city's urban forest.

As Jason said, "We are now at the forefront of cities worldwide that are building software to manage their urban forests. … [This] really gives a lot of benefit to the people living in San Francisco."

TechSoup is proud to support organizations like Friends of the Urban Forest by enabling them with the technology they need. That support gives them more time to focus on their impact, like planting trees, or to build the communities that help them thrive.




Symantec Donation Safeguards Computer Labs for Students

The Inland Empire, which encompasses 27,000 square miles in Southern California, has one of the highest rates of poverty in the U.S.'s twenty-five largest metropolitan areas. One in five people there live at the poverty level. Smooth Transition, Inc., is a nonprofit educational and vocational training organization that has been working with local at-risk populations since 2009. It aims to provide a gateway towards empowerment, educational, and employment opportunities to lead a fulfilling, prosperous, and purposeful life.

Breaking Harmful Cycles

Smooth Transition began working to reach at-risk teens early — before they dropped out of high school or left the foster care system. It later expanded its program to include all at-risk populations, including displaced adults, as a means to better help the community. Smooth Transition's life skills development and educational training increase levels of employability. Its mentorship helps prevent its clients from re-entering the foster and judicial system or repeating poverty and homelessness cycles.

The nonprofit provides flexible and relevant programs that are accredited through the Western Association of Schools and Colleges. Its programs are directly tied to career pathways and provide students with vocational certifications at little or no cost to them. Graduates have a high completion rate as compared with other programs that serve at-risk populations. But students also come away with significant increases in their perceived self-value and a decrease in perceived barriers to success.

Keeping the Computer Labs Secure

In 2016, Smooth Transition served roughly 2,800 people with just four full-time staff members. Many of its programs are computer-based and require that its computer labs serve multiple uses and multiple users. One of the organization's board members manages its IT needs on a volunteer basis. He recommended Symantec's Norton Small Business, and the organization has been using it on its systems since it was founded.

Symantec's donation of antivirus protection — through TechSoup — has enabled the nonprofit to safely use its computer labs and has increased the number of programs and services it can offer to its students. According to Dr. Robin Goins, president and executive director of Smooth Transition, "The donations we receive are the foundation of our success, and we cannot express enough the generational and community impact the Symantec donations provide us. Smooth Transition is an appreciative recipient of the donations we received from Symantec and we look forward to providing even more impactful community programs as a result."

Goins goes on to describe how Smooth Transition's testing centers are networked, with students taking roughly 250,000 different kinds of exams. She worried that without security in the testing centers, the tests would be disrupted, causing a very serious problem. "If we have things disrupting our classes it costs us money. It also costs students the ability to complete their work. Having viruses attack us would be catastrophic for us."

Goins points out that Norton Small Business also helps protect confidential information. "As a school, we're required to protect the identity of our students and a lot of their demographic information," she said.

Smooth Transition will continue to work throughout the Inland Empire to provide flexible training and resources for those who don't fit the traditional education model. Though it faces many challenges in providing students with real, relevant work tools and skills, its staff is relieved, knowing that its systems and data are protected.




Microsoft's MileIQ Helps a Nonprofit Show People How to Save Lots of Energy


In 2015, the state of Louisiana consumed more energy per capita than any other state, according to the U.S. Energy Information Administration. Although this may not come as a complete surprise — the state's warm, muggy climate makes air conditioning a must — it's clear that Louisiana's energy-use profile needs a drastic transformation.

The Energy Wise Alliance (EWA), a small nonprofit based in New Orleans, is determined to do just that. Along the way, the organization has gotten a boost from Microsoft's MileIQ app.

MileIQ is a mobile app from Microsoft that automatically tracks the miles you've traveled and records all of your tax-deductible and reimbursable mileage. It's kind of like using a Fitbit, except you're tracking your driving. You can report your business drives on demand and claim your reimbursements or maximize your tax deductions. The average MileIQ user is logging $6,900 per year.

Building a More Energy-Efficient Community

EWA works to make energy efficiency more accessible to everyone. The organization works primarily with low-income families, tenants, and others who would otherwise be left out of the green energy revolution. EWA accomplishes its goals through both workshops and equipment upgrades at homes and businesses.

Its Energy Smart for Kids program teaches students throughout the state how to lead a more energy-efficient lifestyle. These hourlong sessions cover the pitfalls of nonrenewable energy and detail more sustainable alternatives. At the end of each session, EWA volunteers hand out energy-efficiency starter kits so students can apply what they learned at home.

Much like the rest of EWA's programs, Energy Smart for Kids serves underserved and underprivileged communities. In fact, many of the schools that EWA serves are Title 1 schools — schools whose students generally come from lower-income households.

Aside from schools, EWA also helps nonprofits become more sustainable.

Making Nonprofits Greener and More Cost-Efficient

Nonprofits can benefit from EWA's work by way of simple but effective power-saving retrofits. EWA also provides volunteer labor and donates the materials for the retrofits, which means added cost savings. And as we all know, cost-saving programs are like gold dust for nonprofits.

For example, volunteers from EWA revitalized the Victorian-era headquarters of the Alliance Française, a nonprofit dedicated to preserving Francophone heritage in the New Orleans community, with sustainable retrofits. As part of these upgrades, EWA sealed cracks, gaps, and openings; installed additional insulation; and programmed new thermostats.

In addition, EWA gave the Alliance Française's volunteers a hands-on demonstration of behavioral changes so that they could bring this knowledge back home. EWA anticipated that the Alliance Française would save a total of $2,000 to $3,000 as a result of these green improvements.

EWA's staff members also actively save money and operate more efficiently through the use of the mile-tracking app MileIQ.

Saving Time and Money with MileIQ

This method, as you can imagine, was time-consuming, and it brought with it the risk of human error. Most people can't possibly remember every single trip they make with their car, after all.

"MileIQ is super accurate and takes the forgetting out of the equation," said Jamie Wine, executive director of EWA.

For Kevin Kellup, education coordinator at EWA, MileIQ has been a game-changer. Jamie explained, "Kevin drives like crazy from school to school," racking up miles on his personal car. Now, thanks to MileIQ, Kevin can get more fairly and accurately reimbursed for his constant traveling.

The most important benefit of Microsoft's MileIQ for Jamie is that his staff can be correctly reimbursed for mileage. He wants to show staff members that he values their time and effort spent traveling, which MileIQ really helps him achieve.

For nonprofits, particularly small ones like EWA, it's always great when the team can receive fair compensation for its hard work. "The staff doesn't get paid much," Jamie said. And considering how important staff members' work is to the community, every penny matters. That's also where TechSoup comes in.

TechSoup's Role: "Essential"

Through TechSoup, eligible nonprofits can get MileIQ at 80 percent off the subscription rate. "Without TechSoup," Jamie noted, "this huge step up in technology" would not have been possible. The MileIQ discount program from Microsoft has made acquiring MileIQ way easier on the nonprofit's pocket.

Having also previously obtained Microsoft Office 365 and QuickBooks Online through TechSoup, Jamie said, "TechSoup is a great equalizer." He mentioned that TechSoup helps a small nonprofit to grow into a technologically advanced organization. He added, "The super discounted products from TechSoup are like the pot of gold at the end of the rainbow."

Getting MileIQ Premium

Eligible nonprofits can get MileIQ at 80 percent off the individual subscription rate through TechSoup and can request an unlimited number of individual subscriptions. In addition to individual subscriptions, MileIQ is now included with an Office 365 Business Premium license. Nonprofits that currently do not have an Office 365 license can visit Microsoft's Office 365 for nonprofits page to register.

This blog post was written by Nicholas Fuchs.




Keep Your Data Safe: The Joy of Locking Your Computer

Here's a simple way to keep your data safe from potential bad actors in one easy step. Are you ready? Here it is: Log out and lock your computer whenever you're not in front of it.

That's right, it's so simple it can almost be seen as an analog approach to cybersecurity. But make no mistake: all those in-depth disk encryption efforts are rendered pointless if you step away from your computer while it's on and unlocked, because anyone passing by can access it.

Working Remotely Promotes Data Vulnerability

What's perhaps most insidious about someone gaining physical access to your computer is the fact that the attacker doesn't need any advanced technical know-how to steal sensitive information. A momentary lapse in vigilance at work or a coffee shop can result in a data breach of epic proportions.

Let's say you're working remotely at your favorite café down the street from your apartment and you get up to put in an order for a late breakfast, forgetting to lock your laptop. During that brief moment, a low-key cybervillain could easily stick a USB drive into your computer, copy any sensitive files about you — or your organization — and leave undetected.

Furthermore, if you were logged in to Gmail, your medical records, or your bank account, that malefactor could wreak havoc on your personal and professional life in a matter of minutes.

Tips for Protecting Yourself

The good news about all of this is that warding off these types of would-be data plunderers is really, really easy — it's simply a matter of using your operating system's screen locking functionality. If you don't want to do this, then at the very least you should log out of any sensitive online accounts whenever you step away from your machine.

For each of the following options, be sure you are aware of the password connected to your user login before locking yourself (or anyone else) out.

Screen Locking in Microsoft Windows

  • Press Ctrl+Alt+Delete and select Lock this computer
  • Press Windows+L

Either of these will lock your computer and require a password to log back in. You can choose Control Panel > Personalization > Screen Saver Settings and set up a screen saver that provides a login screen to get back in once it's been initiated.

Screen Locking in macOS

  • On an external keyboard or older laptops, press Ctrl+Shift+Eject
  • On a MacBook Air or Pro Retina, press Ctrl+Shift+Power

You can also go to System Preferences > Security & Privacy > General and select Require password immediately after sleep or screen saver begins (provided you have already set up a screen saver by clicking System Preferences > Desktop & Screen Saver).

Additional Cybersecurity Resources

Get more security tips from the National Cyber Security Alliance. National Cyber Security Awareness Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

Image: National Cyber Security Alliance




Free zones offer safe haven to investors

The chief executive of Ras Al Khaimah Economic Zone (RAKEZ) shares his views on the perks of free zones in emerging markets.




Mayor outlines Warsaw's winning formula

Warsaw already offers a skilled workforce and has improved its infrastructure – now it must focus on climate change and reducing congestion, mayor Rafał Trzaskowski tells fDi.




Safari Webkit Proxy Object Type Confusion

This Metasploit module exploits a type confusion bug in the JavaScript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake JavaScript objects, as well as the ability to find the address in memory of a JavaScript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from JavaScript. The module then uses a ROP chain to write the first-stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second-stage Mach-O (containing CVE-2017-13861) into executable memory and jumps to its entry point. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The process's credential and sandbox structures in the kernel are overwritten and the Meterpreter payload's code signature hash is added to the kernel's trust cache, allowing Safari to load and execute the (self-signed) Meterpreter payload.





Gambling liberalisation pushes up FDI in leisure sector

FDI in the leisure and entertainment sector has risen sharply in recent years, with Asia-Pacific the leading region 




SANS Notes OpenSSH Rumors




Reversal of fortunes for Brazil in 2018

FDI into Brazil has increased by 66.48% in a little under two years. Jonathan Wildsmith reports.




China's Jinko Solar sees more foreign sales as domestic market shaky

JinkoSolar Holding Co., the world’s biggest solar panel maker, sees China’s photovoltaic power additions slumping this year and a greater share of its revenue coming from overseas amid uncertainties over Beijing’s new policies.




President inaugurates Bolivia’s 69-MW San Jose II Hydroelectric Plant

Bolivian President Evo Morales has inaugurated the 69-MW San Jose II Hydroelectric Power Plant in the municipality of Colomi, department of Cochabamba.




New White Paper explores grid parity and the solar renaissance

Today, solar power has become cheaper than the production cost of any other existing conventional power generation technology. The arrival of grid parity heralds a milestone in the history of energy production. It means solar energy is commercially viable without any subsidies or state support, producing energy with the lowest possible environmental impact.




Hydrogen is the fuel of the future. For real this time, IEA Says

Hydrogen, which has been touted as the fuel of the future much of the past five decades, may finally be on the verge of converting its potential to reality.





Solar industry, advocates hail New York passage of ambitious climate bill

New York’s Climate Leadership and Community Protection Act passed the Assembly early in the morning of June 20 and will now await the governor’s signature. Solar advocates praised the state legislature’s adoption of long-anticipated legislation that will require at least 70 percent of electric generation to come from renewable sources by 2030 and provide needed funding to low-income and environmental justice communities.




San Diego Airport installs 2 MW/4 MWh storage system to complement existing PV array

Yesterday, ENGIE Storage announced that San Diego International Airport (SAN) installed a 2 MW/4 MWh GridSynergy energy storage system. Paired with the airport’s existing 5.5 MW of solar capacity, the new energy storage system will reduce energy charges during peak demand, which according to ENGIE equate to approximately 40 percent of the airport’s monthly electricity costs. The system is expected to begin operation in early 2020.




Builder of Saudi Aramco oil rigs plans to expand into wind power

An Abu Dhabi-based company that builds drilling platforms for oil giant Saudi Aramco plans to diversify into renewable energy by supplying gear for offshore wind farms.




Massachusetts approves contracts for hydroelectricity through NECEC project

The Massachusetts Department of Public Utilities has issued an order approving long-term contracts for 9,554,940 MWh annually of hydropower between H.Q. Energy Services (U.S.) Inc. and the Commonwealth’s electric distribution companies through the New England Clean Energy Connect 100% Hydro project (NECEC Hydro).




Massachusetts incentivizes energy storage systems for commercial property owners

Commercial property owners with existing energy storage systems, or owners considering implementing an energy storage system, may be able to benefit from a recent order by the Massachusetts Department of Public Utilities (DPU) allowing utility companies to pay customers who agree to rely upon their energy storage systems and dispatch the energy during peak events.




Clean Power Alliance signs PPA for 12-MW Isabella small hydro project in California

The Clean Power Alliance (CPA) has signed three long-term power purchase agreements, including two new solar projects and one existing small hydro project.





Saudi Arabia set to build first wind farm

Saudi Arabia, the world’s biggest oil exporter, is poised to start generating wind power within three years as part of an effort to harness renewable energy to cut local demand for fossil fuels.




Louisiana’s military families to benefit from ground-source geothermal and modern energy-saving devices

Last week, Corvias announced that it had entered the final phase of its geothermal installation and energy upgrades effort at the U.S. Army’s Fort Polk in West-Central Louisiana, a milestone that once complete will not only modernize the aging infrastructure but save the Army significant money and benefit military families.




Energy industry mourns the death of Global Wind Energy Council’s Steve Sawyer

Steve Sawyer, 63, Senior Policy Advisor and former Secretary General of the Global Wind Energy Council, passed away on July 31, 2019 of a sudden and aggressive lung cancer.




Energy storage sites provide unique wholesale market participation

ENGIE Storage has announced it will supply and operate a 19 MW/38 MWh portfolio of six energy storage sites that will contribute to the Solar Massachusetts Renewable Target Program and participate in ISO-New England wholesale markets.




Digitalisation and the transformation of the energy value chain

Digitalisation is one of the biggest enablers of the global transition to clean energy, from intelligent asset management to Artificial Intelligence and the Internet of Things. Find out how digitalisation is transforming the management, operation and maintenance of renewable energy assets, and driving a more efficient renewable world.




A modern Cinderella story: California’s record on wholesale distributed generation leaves much room for improvement

California, long a progressive leader on renewable energy and climate change mitigation, has neglected a key market segment for renewable energy: the “community-scale,” or “wholesale distributed generation” (DG), market. This market segment is defined as projects below 20 megawatts that connect to the distribution grid and export power to the grid for sale.




100 MW of solar and 10 MW of battery storage coming to San José CCA in 2022

This week, San José’s Community Choice Aggregator (CCA), San José Clean Energy (SJCE), and EDP Renewables SA (EDPR), through its fully owned subsidiary EDP Renewables North America LLC (EDPR NA), signed a 20-year power purchase agreement (PPA) for 100 MW of new solar energy capacity and 10 MW of battery storage at the Sonrisa Solar Park in Fresno County, California. The project is anticipated to be operational in 2022.




BNEF says corporate energy market is strong

Coming on the heels of Gap’s announced 90-MW PPA with Enel Green Power, BloombergNEF released its 2H 2019 corporate energy market outlook in which it said that corporations signed contracts to purchase 8.6 GW of clean energy in 2019 through July, up from 7.2 GW at the same time last year.




U.S. wind energy prices are at historical lows, DOE report says

The national average price of wind power purchase agreements dropped to below 2 cents/kWh in 2018, according to the annual Wind Technologies Market Report released by the U.S. Department of Energy.




Net zero carbon emissions ‘impossible’ without hydrogen says UK energy alliance

The UK’s North West Hydrogen Alliance (NWHA) is calling for government investment in hydrogen projects to meet ambitious carbon reductions targets in Britain.