Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Computer and network security is an ever-evolving field. As technology advances, cybercriminals find new ways to exploit vulnerabilities in order to get at your personal, financial, or organizational data. We recently spoke with Symantec's Director of Security Response Kevin Haley to get an idea of what threats you'll face in the next year or two.

In short, expect a continuation of common threats like ransomware, as well as the emergence of new threats from connected devices and the so-called Internet of Things. Plus, keep an eye out for the resurgence of an old threat made new.

Ransomware with a Twist

Ransomware — malicious software that locks your data or otherwise compromises your computer in an attempt to extort money — is not a new threat. It's been around for a number of years in various forms. But according to Haley, a new form of ransomware doesn't just lock your files; instead, it threatens to publicly release your data unless you pay up.

For many individuals, this may simply mean an embarrassing leakage of personal data — browser history, emails, photos, and so on. For a nonprofit, especially one that deals with sensitive sociopolitical issues, the possibility of data leakage can have more serious ramifications. It could pose a threat to the community you serve.

Email That Looks Like It Came from a Co-worker

In traditional phishing attempts, scammers create an email that appears to be from a legitimate source — say, Google, Amazon, or Apple. Then they attempt to steal account information, such as usernames and passwords. But in an emerging form of phishing, hackers may use emails purportedly from co-workers or business associates to try to steal information from your organization.

For example, Haley says, you may receive an email from a vendor or a colleague asking for specific pieces of information (such as tax forms) or for money outright. The only problem is that these emails originate from scammers, not your colleagues. And once you email an important piece of information to these impersonators, there's no way to get it back.

With proper data handling, though, you can avoid these sorts of nightmares. See our recent post, 5 Data Security Risks for Nonprofits (and How to Fix Them), to learn more.

The Internet of Things Can Make People Vulnerable

From smart locks to Internet-connected appliances, the Internet of Things promises to change the way we interact with all sorts of items within our homes and offices. But with this comes the potential for security headaches.

According to Haley, these "smart" devices are rarely protected properly, and are easy to infect with malware. And this isn't just an issue that may cause problems some years down the line. Last year, as CNET reported, a network of malware-infected DVRs and webcams overloaded a number of popular websites and online services, temporarily knocking them offline.

Word Macro Viruses Make a Comeback

Perhaps the most surprising threat Haley warned about was the revival of Word macro viruses.

Macro viruses use Microsoft Word's macro programming feature — typically used to automate certain tasks within Word — to infect your computer. Macro viruses have been around for many, many years. And Word disables macros by default: If you open a Word document with a macro, you'll have to click a button to tell Word to turn on any macros within that document.

With this new wave of macro viruses, however, criminals employ social engineering trickery to goad you into turning on macros, allowing the macro virus to do its thing.

Fortunately, you can easily protect yourself from getting infected. First, don't open file attachments from people you don't know. If you receive a Word document with macros from someone you do know, confirm with that person to make sure that they intended to send the macros and that they are safe to run.

As Always, Vigilance Is Key

Although specific threats may evolve over time, good security practices never go out of style. Use a security software package and keep it updated. Enforce good account security practices within your organization.

Don't open file attachments from people you don't know, and don't open unexpected file downloads. Secure all your devices as best you can. And if something seems fishy — perhaps that email from your boss doesn't seem quite right — don't be afraid to question it.

By taking small steps like these, you might save yourself — and your organization — some serious pain.

spanhidden

The global pharmaceutical sector has seen consistent growth since 2014, with western Europe a major beneficiary.

Up to 18 countries across Latin America have joined China’s new Belt and Road Initiative, hoping to boost their infrastructure development and investment.  

The financial benefits of buying and selling locally produced energy from rooftop solar, wind turbines and batteries within communities have been revealed in a test case run by energy tech firm LO3 Energy.

Last week, the Hawaiian Electric Companies began Hawai‘i’s largest procurement effort for renewable energy resources to end the use of coal and reduce reliance on imported oil for power generation, moving the state closer to its goal of using 100 percent renewable energy by 2045.

Pennsylvania is promoting a new roadmap to electrify transportation by designing policies and setting targets to get more electric vehicles on the roads.

SOHAR deep-sea port and free-zone has signed a 600-hectare lease agreement with Shell Development Oman (SDO) for land to set up industrial and commercial solar panels. The port is managed in a joint-venture between the Port of Rotterdam and the Sultanate of Oman.

Yesterday, the Environmental and Energy Study Institute (EESI) announced the launch of the Access Clean Energy Savings (ACES) initiative. ACES provides technical assistance to help rural electric cooperatives and public power utilities apply for the U.S. Department of Agriculture’s (USDA) Rural Electric Savings Program (RESP), which provides zero-interest 20-year loans for improving energy efficiency.

Ameren is preparing to test a Canadian company’s software that could someday help usher in a radically different business model for the utility.

A report that examines statements about rolling blackouts made by regional grid operator ISO-New England, shows that sustained growth of renewables, and not more gas, will boost reliability of New England’s electric power system.

Last month, Delaware Governor John Carney signed Senate Bill 113 into law, enabling Commercial Property Assessed Clean Energy (C-PACE) financing in Delaware. Once implemented, PACE will offer a new method for financing commercial energy efficiency and renewable energy projects.

It’s lighter, abundant and finally ready to take on Tesla. Hydrogen-powered vehicles are gearing up to challenge electric vehicles again in the race for mass-market clean cars. This week, a much larger group of companies signed on to a global coalition aimed at drumming up government support for the technology that Tesla Inc. Chief Executive Officer Elon Musk has derided as “ mind-bogglingly stupid” for cars. The firms also pledged to find a cleaner way to produce the gas.

This week, EVgo, a provider of public electric vehicle (EV) fast-charging stations in the U.S., said it was accelerating the pace at which it is constructing fast chargers and will add hundreds of EVgo fast chargers in California before the end of 2018.

Has the environment for electricity generation changed dramatically since the Obama administration’s Clean Power Plan began its slow exit from public and regulatory consciousness several months ago? Not really!

Yesterday, the Environmental and Energy Study Institute (EESI) announced the launch of the Access Clean Energy Savings (ACES) initiative. ACES provides technical assistance to help rural electric cooperatives and public power utilities apply for the U.S. Department of Agriculture’s (USDA) Rural Electric Savings Program (RESP), which provides zero-interest 20-year loans for improving energy efficiency.

Ameren is preparing to test a Canadian company’s software that could someday help usher in a radically different business model for the utility.

Bonds backing clean energy and other sustainable initiatives are booming. Investors are snapping up green bonds at the fastest pace on record, as big banks like Morgan Stanley and Bank of America Corp. pile in with new issuance to feed the growing appetite for socially responsible investments.

RWE AG, the German utility whose coal-fired plants make it Europe’s largest carbon emitter, officially started the company’s largest renewables project on Thursday: a wind farm in Liverpool Bay off Britain’s coast.

The secretary general of the United Nations is frustrated with the pace of negotiations for what’s intended to be a crucial agreement limiting global warming.

Climate change pledges submitted so far from the world’s leading economies won’t be enough to keep the planet from warming dangerously, UN Secretary General Ban Ki-moon said Monday in New York.

Proposals to reduce heat-trapping emissions need to be “a floor, not a ceiling,” he said.

The global increase in temperatures will exceed 2 degrees Celsius (3.6 degrees Fahrenheit) under the national pledges already submitted to UN, Ban said. That’s the goal scientists and the UN have set to avoid the worst effects due to global warming.

The proposals submitted to date “will not be enough to place us on a 2-degree pathway,” Ban said.

Without any changes to global emissions, the world is on track to warm by 4 degrees Celsius or more, UN Assistant Secretary-General for Climate Change Janos Pasztor said earlier this month.

World leaders have five months to go before a meeting of almost 200 nations in Paris that’s intended to seal a new global pact to cut planet-warming carbon emissions. If successful, the agreement would be the first ever to require both developed nations like the US and growing economies like China to address climate change.

“The pace of UN negotiations are far too slow,” Ban said. “It’s like a snail’s pace.”

The U.S., the world’s biggest historic source of greenhouse gases, pledged earlier this year to cut its emissions by as much as 28 percent by 2025. The European Union has promised a 40 percent cut by 2030. Several other major economies, including Australia and Japan, have yet to submit climate plans to the UN.

Yesterday, the Environmental and Energy Study Institute (EESI) announced the launch of the Access Clean Energy Savings (ACES) initiative. ACES provides technical assistance to help rural electric cooperatives and public power utilities apply for the U.S. Department of Agriculture’s (USDA) Rural Electric Savings Program (RESP), which provides zero-interest 20-year loans for improving energy efficiency.

Ameren is preparing to test a Canadian company’s software that could someday help usher in a radically different business model for the utility.

The financial benefits of buying and selling locally produced energy from rooftop solar, wind turbines and batteries within communities have been revealed in a test case run by energy tech firm LO3 Energy.

Last week, the Hawaiian Electric Companies began Hawai‘i’s largest procurement effort for renewable energy resources to end the use of coal and reduce reliance on imported oil for power generation, moving the state closer to its goal of using 100 percent renewable energy by 2045.

Presentation by Jeff Duce of Boeing

The Brazilian government is seeking to award contracts in an auction tomorrow for natural gas- and coal-fueled power plants, reversing a drive that previously favored renewable-energy projects. It would lead to the first new thermal plants in three years, after the government scaled back such projects and awarded wind contracts starting in 2009 and solar energy earlier this year.

A "dark horse" is defined as a little-known entity that emerges to prominence in the face of competition — a contestant that seems unlikely to succeed. I borrow the term from a conversation last week, wherein India was referred to as the dark horse in the global race to go solar.

The World Bank indicated in its new report "Building Competitive Green Industries: The Climate and Clean Technology Opportunity for Developing Countries" that small and medium-sized enterprises (SMEs) in developing countries are set to undergo significant growth and create more jobs in the field of clean technology. Anabel Gonzalez, senior director for the World Bank's Global Practice on Trade and Competitiveness, said developing home-grown clean-tech industries will help developing countries more effectively increase the adoption of low-cost clean energy and drive sustainable economic development.

Australian exporters interested in ASEAN markets should get online and tap into a regional e-commerce sector that is expected to hit US$102 billion in the next five years.

Facebook Inc. is boosting its clean-energy efforts with a deal to help run a Virginia data center where it leases space with solar power.