SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

NTCrackPipe is a basic local Windows account cracking tool.

Avast Anti-Virus versions prior to 19.1.2360 suffer from a local credential disclosure vulnerability.

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell meta-characters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

London has been named fDi’s inaugural Fintech Location of the Future for 2019/20, followed by Singapore and Belfast. 

Australia tops the FDI Strategy category of fDi's Tourism Locations of the Future 2019/20 rankings, followed by Costa Rica and Azerbaijan.

man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.

Here's a simple way to keep your data safe from potential bad actors in one easy step. Are you ready? Here it is: Log out and lock your computer whenever you're not in front of it.

That's right, it's so simple it can almost be seen as an analog approach to cybersecurity. But make no mistake, all those in-depth disk encryption efforts can be rendered pointless. If you step away from your computer while it's on and unlocked, anyone passing by can access it.

Working Remotely Promotes Data Vulnerability

What's perhaps most insidious about someone gaining physical access to your computer is the fact that the attacker doesn't need any advanced technical know-how to steal sensitive information. A momentary lapse in vigilance at work or a coffee shop can result in a data breach of epic proportions.

Let's say you're working remotely at your favorite café down the street from your apartment and you get up to put in an order for a late breakfast, forgetting to lock your laptop. During that brief moment, a low-key cybervillian could easily stick a USB drive into your computer and copy any sensitive files about you — or your organization — and leave undetected.

Furthermore, if you were logged in to Gmail, your medical records, or your bank account, that malefactor could wreak havoc on your personal and professional life in a matter of minutes.

Tips for Protecting Yourself

The good news about all of this is that warding off these types of would-be data plunderers is really, really easy — it's simply a matter of using your operating system's screen locking functionality. If you don't want to do this, then at the very least you should log out of any sensitive online accounts whenever you step away from your machine.

For each of the following options, be sure you are aware of the password connected to your user login before locking yourself (or anyone else) out.

Screen Locking in Microsoft Windows

• Press Ctrl+Alt+Delete and select Lock this computer
• Press Windows+L

Either of these will lock your computer and require a password to log back in. You can choose Control Panel > Personalization > Screen Saver Settings and set up a screen saver that provides a login screen to get back in once it's been initiated.

Screen Locking in macOS

• On an external keyboard or older laptops, press Ctrl+Shift+Eject
• On a MacBook Air or Pro Retina, press Ctrl+Shift+Power

You can also go to System Preferences > Security & Privacy > General and select Require password immediately after sleep or screen saver begins (provided you have already set up a screen saver by clicking System Preferences > Desktop & Screen Saver).

Additional Cybersecurity Resources

• Find out how to recognize suspicious emails and protect yourself against malware through better password security
• Check out our recent post on the future of security threats

Get more security tips from the National Cyber Security Alliance. National Cyber Security Awareness Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

Image: National Cyber Security Alliance

spanhidden

Long-dominant global supply chains look less tenable in the light of pressures ranging from pandemics to disasters, trade tensions and protectionism.

The UK is the top country, but Dublin is leading city, for foreign companies setting up headquarters in Europe, according to fDi’s ranking.

Continued African development could hinge on public finance reforms.

Financial incentives from two different cities persuaded US grocery chain The Fresh Market to stay headquartered in its home state of North Carolina.

Sardar Popalzai, president of the Balochistan Economic Forum, talks about the blue economy and the Pakistani province’s tourism potential.

The Energy Web Foundation (EWF) this week announced that it has launched the world’s first public, open-source, enterprise-grade blockchain tailored to the energy sector: the Energy Web Chain (EW Chain). As a refresher, blockchain allows for peer-to-peer energy market transactions.

Clearway Energy Group, one of the U.S.’s largest clean power developers, is launching a pilot electronic marketplace for renewable energy credits as more states push for solar and wind projects.

The Lockett Wind farm in Wilbarger has the potential to generate more than 700,000 MWh of renewable energy per year, enough to power the equivalent of 70,000 homes. 

The financial benefits of buying and selling locally produced energy from rooftop solar, wind turbines and batteries within communities have been revealed in a test case run by energy tech firm LO3 Energy.

This week independent power producer Marubeni and LO3 Energy said they have started a pilot project in Japan where LO3 will administer an energy marketplace using blockchain to connect a number of Marubeni’s power production facilities, including renewables, with offices and factories around Japan in a virtual marketplace. The project will simulate energy transactions to test the viability of the concept with the ultimate goal of creating a full-scale commercially operational network in the future.

Two large-scale solar farms are set to make Warrington Borough Council the first local authority in the UK to produce all its own electricity from clean energy.

Last week, the Energy Web Foundation (EWF) announced it had officially signed more than 100 affiliates in an effort to become the world’s largest blockchain ecosystem.

Ameren is preparing to test a Canadian company’s software that could someday help usher in a radically different business model for the utility.

Clearway Energy Group, one of the U.S.’s largest clean power developers, is launching a pilot electronic marketplace for renewable energy credits as more states push for solar and wind projects.

According to Martin Lim, COO of Electrify.Asia, a company facilitating peer-to-peer energy trading across the distribution grid, blockchain technology doesn’t take utilities out of the equation, but rather it adds another layer of potential revenue for them and helps reduce the cost of delivering energy to homes and businesses.

Digital solutions could revolutionize energy trading if they were adopted more widely across the market.

One of the first unbiased, major comprehensive reviews of blockchain has concluded that the technology is “actually delivering on its promises in a number of areas directly related to energy”.

This week independent power producer Marubeni and LO3 Energy said they have started a pilot project in Japan where LO3 will administer an energy marketplace using blockchain to connect a number of Marubeni’s power production facilities, including renewables, with offices and factories around Japan in a virtual marketplace. The project will simulate energy transactions to test the viability of the concept with the ultimate goal of creating a full-scale commercially operational network in the future.

Last week, the Energy Web Foundation (EWF) announced it had officially signed more than 100 affiliates in an effort to become the world’s largest blockchain ecosystem.

Ameren is preparing to test a Canadian company’s software that could someday help usher in a radically different business model for the utility.

The Boeing Company is set to design and build a large, military unmanned air vehicle (UAV) in Australia, with the first flight set for 2020. The Australian government will invest A$40 million in the project.

Political deadlock over Australia’s clean energy future is prompting companies such as Vestas Wind Systems A/S and Acciona SA to increasingly turn to rival markets for growth.

An educational campaign announced this week by the National Hydropower Association aims to increase awareness about the hydroelectric sector amongst the public and policymakers.

An educational campaign announced this week by the National Hydropower Association aims to increase awareness about the hydroelectric sector amongst the public and policymakers.

India’s Cabinet Committee on Economic Affairs announced today it has approved investment for the generation component of the 900-MW Arun 3 hydropower project on Arun River in Sankhuwasabha district of eastern Nepal, for an estimated Rs. 5723.72 crore (US$854.4 million).