Secunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.

Secunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.

Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.

FDI into Latvia has recovered in recent years as the Baltic state has implemented stricter anti-money laundering procedures. Latvian minister of economics Ralfs Nemiro talks to Alex Irwin-Hunt about the progress made.

The CEO of the UN’s Global Compact initiative, Lise Kingo, talks about the sustainability shift in the C-suite, FDI’s role in achieving the SDGs and how CEOs can address common risks.

Fall has arrived, and with it comes fundraising season. More than one-third of charitable giving happens in the last three months of the year, and the emergence of Giving Tuesday (on November 28 this year) makes the year's end even more critical for charities.

Feeling overwhelmed? Your local NetSquared group is here to help with free, in-person events being held across the U.S. and the globe.

Naples, Florida, is hosting a meetup on tools for effective email fundraising; Chippewa Falls, Wisconsin, is hosting a series of Giving Tuesday brainstorming sessions; and Chicago, Illinois, will explore how your CRM can save end-of-year fundraising plans.

With more than 75 events scheduled for October, there's probably an event scheduled for your community, so RSVP now for one of our meetups.

Join us!

Upcoming Tech4Good Events

This roundup of face-to-face nonprofit tech events includes meetups from NetSquared, NTEN's Tech Clubs, and other awesome organizations. If you're holding monthly events that gather the #nptech community, let me know, and I'll include you in the next community calendar, or apply today to start your own NetSquared group.

Jump to events in North America or go international with events in

• Africa and Middle East
• Asia and Pacific Rim
• Central and South America
• Europe and U.K.

North America

Monday, October 2, 2017

• Vancouver, British Columbia: Photojournalism for Nonprofits and Small Businesses #Storymakers2017

Tuesday, October 3, 2017

• Portland, Oregon
  • Happy Hour with Nonprofit Tech Luminaries
  • NTEN Presents: Oregon Nonprofit Tech Roundup
• Montréal, Québec: Développer une Présence Web Efficace
• Naples, Florida: Tools for Effective Email Communication
• Mason, Ohio: Connecting Nonprofits and Techies in Cincinnati

Wednesday, October 4, 2017

• Pittsburgh, Pennsylvania: Bagels and Bytes — Allegheny
• Baltimore, Maryland: WordPress 101 and Tech Help and Consultations
• San Francisco, California: Code for America Civic Hack Night (Weekly)

Thursday, October 5, 2017

• Calgary, Alberta: Evening on Data Ethics

Friday, October 6, 2017

• Seattle, Washington: King County Executive Director Forum

Monday, October 9, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 10, 2017

• Columbus, Ohio: Nonprofit IT Forum
• Decatur, Illinois: Free and Low-Cost Resources for Nonprofit Software
• Ottawa, Ontario: Review Progress on Data Analysis Projects

Wednesday, October 11, 2017

• Mason, Ohio: Help Create an App for Homeless to Manage Money More Effectively
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Building an Effective Data Culture at Your Nonprofit
• O’Fallon, Missouri: Learn How to Apply for a $10,000 per Month Google AdWords Grant
• Phoenix, Arizona: Website Building 101: Quick and Easy Web Presence for Nonprofits
• Los Angeles, California: Nonprofit Volunteer Management
• Chicago, Illinois: Net Neutrality

Thursday, October 12, 2017

• Chicago, Illinois: It's Never Too Late: How Your CRM Can Save End-of-Year Fundraising
• Seattle, Washington: What You Need to Know About Board Governance

Saturday, October 14, 2017

• Saint Paul, Minnesota: Minnesota Blogger Conference | by Get Social Events, the Social Media Breakfast Folks ($25)

Monday, October 16, 2017

• San Francisco, California: Social Impact in Tech: Panel Discussion with LinkedIn, Lyft, and Salesforce
• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Seattle, Washington: Fall Nonprofit Technology Speed Geek

Tuesday, October 17, 2017

• Buffalo, New York: Essential Data Management
• Orlando, Florida: Tech4Good Orlando October: Search Engine Optimization and Strategy

Wednesday, October 18, 2017

• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Houston, Texas: NetSquared Houston
• Research Triangle Park, North Carolina: Crowdsourcing Change: The Social Web to Nonprofits

Thursday, October 19, 2017

• Monroeville, Pennsylvania: TechNow 2017 Conference
• Sweet Briar, Virginia: Using Data to Reach Your Audience

Friday, October 20, 2017

• West Chester, Ohio: Southwest Ohio Give Camp
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Can Appmaker Help You? A Free Database Tool from Google

Monday, October 23, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Austin, Texas: Engaging the Millennial Donor

Tuesday, October 24, 2017

• Vancouver, British Columbia: How Delivering Webinars Can Benefit Your Mission

Wednesday, October 25, 2017

• Baltimore, Maryland: Salesforce 101 for Nonprofits and Free Tech Help and Guidance
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Seattle, Washington: Recruit, Engage, and Retain a Great Board

Monday, October 30, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 31, 2017

• Seattle, Washington: Bolder and Wiser: Nonprofit Advocacy Rights (Part 2)

Central and South America

Wednesday, October 4, 2017

• Guatemala City, Guatemala: Pechakucha Guatemala — Historias Digitales Vol. 15

Africa and Middle East

Sunday, October 1, 2017

• Cotonou, Benin: L'Utilité des Logiciels de TechSoup dans la Progression d Nos ONG dans le Monde
• Kampala, Uganda: Digital Storytelling for Nonprofits Workshop

Monday, October 2, 2017

• Ouagadougou, Burkina Faso: Monthly Meeting of Local Members

Saturday, October 7, 2017

• Matloding, South Africa: Technology for Rural Development
• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Role of ICT for Farm Management

Wednesday, October 11, 2017

• Bamenda, Cameroon: How to Create Digital Stories

Friday, October 13, 2017

• Katabi, Uganda: Using Social Media Applications for Development
• Pangani, Tanzania: Storymakers Campaign

Saturday, October 14, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Sunday, October 15, 2017

• Cotonou, Benin: Les Logiciels Mis en Don par Techsoup.org pour les ONG et Association au Benin

Saturday, October 21, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Saturday, October 28, 2017

• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Technology for Livelihood Improvement

Asia and Pacific Rim

Tuesday, October 3, 2017

• Taipei, Taiwan: NGO要怎麼搞群眾募資？- 綠盟經驗談

Wednesday, October 4, 2017

• Singapore, Singapore: DataJam!

Tuesday, October 10, 2017

• Wellington, New Zealand: Set Your Email Newsletter on Fire | Net2Welly Oct '17 Meetup

Sunday, October 15, 2017

• Jakarta, Indonesia: Web Hosting

Europe and U.K.

Tuesday, October 3, 2017

• Paris, France: AdWords Express — Grands Débutants

Wednesday, October 4, 2017

• Puidoux, Switzerland: 7ème Journée Pédagogique ESV-SPV (AVMES/AVMD)

Friday, October 6, 2017

• Carouge, Switzerland: 12h de Hackaton pour Afficher les Termes et Conditions, Que Vous Ne Lirez Jamais

Saturday, October 7, 2017

• Genève, Switzerland: LINforum3 Partage Idée, Réflexion, Projet, Startup, Service … Responsables!

Wednesday, October 11, 2017

• Cambridge, United Kingdom: Social Media Surgery — Hands-on Help with Social Media

Thursday, October 12, 2017

• Paris, France: La Data pour Vous Renforcer

Saturday, October 14, 2017

• Pully, Switzerland: Intergen.Digital à Pully

Monday, October 16, 2017

• Birmingham, United Kingdom: Social Media Session

Tuesday, October 17, 2017

• Dublin, Ireland: Smart Cities for Good

Wednesday, October 18, 2017

• Paris, France: Forum National des Associations et des Fondations
• Bordeaux, France: Les Personas pour Optimiser Votre Conversion

Thursday, October 19, 2017

• Bath, United Kingdom: Tech for Good Community Mapping
• Paris, France: Brainstorming, Plans d'Actions sur Internet

Wednesday, October 25, 2017

• Manchester, United Kingdom: Tech for Good: At the BBC
• Paris, France: AdWords – Initiation
• Paudex, Switzerland: RdV4–0.ch: 3. Solutions Informatiques — Cloud — SaaS — Services en Ligne

Thursday, October 26, 2017

• Barcelona, Spain: ¡Relanzamos NetSquared Barcelona! ¡Te Esperamos!
• Paris, France: Analytics — Initiation

Tuesday, October 31, 2017

• Renens, Switzerland: OpenLab: Visite du Fablab de Renens

Left photo: Gregory Munyaneza / NetSquared Rwanda / CC BY

Center photo: Chrispin Okumu / NetSquared Kenya / CC BY

Right photo: Chrispin Okumu / NetSquared Kenya / CC BY

spanhidden

(Please visit the site to view this video)

If you're a frequent visitor to our site, you might notice a few changes in the coming weeks. That's because we're making some big improvements and are proud to announce the upcoming launch of the newly redesigned TechSoup.org.

As a social enterprise, we never stop working to better serve nonprofits that share in our commitment to building a more equitable planet. In fact, TechSoup currently works with more than 965,000 NGOs in 236 countries and territories and has facilitated over $9 billion in U.S. market value of in-kind technology and funding.

To that end, we've created a refreshed, modern web presence to streamline access to all our traditional and beloved products and services. It will also serve as the place where TechSoup technologies and services are first announced.

The new TechSoup.org has been optimized for mobile devices, so you'll be able to experience all the new functionality wherever you go. We've also built the site with accessibility in mind on several fronts. And we're launching a new blog.

Our new website will officially go live in early November.

A Streamlined User Experience

Nonprofits who are regular visitors to TechSoup will find a streamlined catalog that makes finding product offers and solutions easier and more efficient. Additionally, the home page has been reconfigured, sending a clearer message of who we are and what we offer as an organization.

"We reduced clutter and developed a cleaner, simpler user experience with more breathing room in the interface to encourage users to do what they are intended to do on the site," says TechSoup head of user experience Tyler Benari. "It will now be easier to benefit from offerings available in and out of our catalog, interact with others in the nonprofit community, and gain access to other TechSoup services."

Maximized for Mobile

TechSoup's updated website will be maximized for mobile devices, allowing nonprofit staffers to take advantage of the many offers on TechSoup.org right from their phone or tablet.

"It's an exciting time," Benari says. "We will now be able to literally get TechSoup into more people's hands. Redesigning the site to be more mobile-friendly will allow us to grow our community much faster and better serve the existing nonprofits we love so much."

Improved Accessibility

The newly redesigned TechSoup.org also features greater accessibility and is informed by Web Content Accessibility 2.0 Guidelines (WCAG).

"TechSoup cares very much about accessibility and enabling access for all people," Benari says, describing two key factors that have been improved upon: contrast and code. "Our new color scheme makes it easier for people with impaired vision to access content on the site, and our code was updated to better communicate with screen readers."

A New Blog Platform

Finally, we're excited to introduce our new blog, more suited to integrate existing TechSoup.org content in a single, easy-to-access location. We've given the platform an upgrade, complete with a fresh look and improved functionality aimed to make blog posts more easily shareable and to promote a more robust multimedia experience.

You'll continue to see improvements in the coming months as we receive feedback from the communities we serve. Also, be on the lookout for more information surrounding the new site, including a webinar and short video.

spanhidden

Tanzania's economy is booming and its tourism sector is thriving. However, concerns about the president's strong-arm tactics and delays in the completion of key infrastructure projects are threatening this growth.

Ubuntu Security Notice 4335-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4336-1 - It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 4337-1 - It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. Various other issues were also addressed.

Ubuntu Security Notice 4338-1 - Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 4339-1 - Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Various other issues were also addressed.

Ubuntu Security Notice 4332-2 - USN-4332-1 fixed vulnerabilities in File Roller. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice 4340-1 - It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4338-2 - USN-4338-1 fixed vulnerabilities in re2c. This update provides the corresponding update for Ubuntu 20.04 LTS. Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 4341-1 - Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4342-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4343-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice 4344-1 - It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4345-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4346-1 - It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4341-3 - USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4348-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4341-2 - USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4333-2 - USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.

Ubuntu Security Notice 4350-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.