•Lockheed Martin deploys the 3DEXPERIENCE platform as an engineering and manufacturing planning toolset •Multi-year collaboration aims to speed timelines and improve efficiencies of next generation products •Digital experience platform approach drives advances in complex, sophisticated aircraft innovation

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.

Zero Day Initiative Advisory 10-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When handling the DSID HTTP header the code allows an attacker to inject arbitrary javascript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the device.

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

KVM suffers from an uninitialized memory leak vulnerability in kvm_inject_page_fault.

This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The activeX component loads into memory without opting into ALSR so this module exploits the vulnerability against windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the users browser.

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

XBOX 360 Aurora version 0.6b default credential FTP bruteforcing script.

Avast Anti-Virus versions prior to 19.1.2360 suffer from a local credential disclosure vulnerability.

Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.

Here’s the latest wrinkle in the battery boom: National Grid Plc is paying consumers to tap electricity from their power-storage systems.

Solar Foundation and the Solar Energy Industries Association (SEIA) are joining the National Renewable Energy Laboratory (NREL), several national residential solar companies, and other nonprofit organizations to develop new automated permit software for distributed solar and storage, reducing the cost of solar installations and saving resources for local governments and taxpayers.

Europe can potentially generate 100 times the current amount of energy generated, and produce enough power to power the world until 2050, if it were to maximize land use for onshore wind capacity.

In conjunction with North America’s Smart Energy Week, LG Electronics (LG) is underscoring its role as a top player within the U.S. residential solar market at the 2019 Solar Power International Conference.

Even as they touted ambitious proposals to reduce carbon emissions to a national audience, Democratic candidates for president tried to balance the boldness of their plans with the need for simplifying a complex scientific problem to make it palatable to voters.

Today SunPower is launching its next generation solar panel called A-series, which boasts 400 or 415 watts, in the United States. A new 400-watt product, Maxeon 3, is available in Europe and Australia.

Southeast Asia is poised for a long-overdue and much-needed boom in solar.

Building solar and wind energy projects on potentially contaminated lands can be a golden opportunity, both effective and cost-effective, for developers. The 120-acre Reilly Tar & Chemical Corporation Superfund site was recently redeveloped with a utility-scale solar farm and is a prime example of the reuse potential inherent in thousands of Superfund sites, brownfields, retired power plants, and landfills.

Even as they touted ambitious proposals to reduce carbon emissions to a national audience, Democratic candidates for president tried to balance the boldness of their plans with the need for simplifying a complex scientific problem to make it palatable to voters.

This week Autogrid announced that it entered into a partnership with Swell Energy to provide software for managing Swell’s growing fleet of distributed energy resources (DER).

Biogas is a resource that has enormous potential in Spain and beyond. Biogas technologies convert organic wastes into renewable energy, clean transport fuel, and nutrient-rich natural fertiliser, reducing greenhouse gas emissions and improving energy and food security and air quality. A recent study commissioned by Naturgy, Spain’s largest natural gas distributor, showed a potential for 26,684 gigawatt hours (GWh) of biogas in the country, enough to cover the energy demand of 40% of Spain’s households.

Last week, Sunrun announced that its bid to supply 20 MW of residential solar + storage capacity into the New England ISO Forward Capacity Market for 2022-2023 was approved. According to Chris Rauscher, Director of Policy and Storage Market Strategy for Sunrun, this is not a pilot project or an experiment in any way.

Here’s the latest wrinkle in the battery boom: National Grid Plc is paying consumers to tap electricity from their power-storage systems.

Naval shipbuilder Navantia Australia, a subsidiary of Spain-based Navantia S.A., has opened a new design and engineering centre in Melbourne.