New Algorithms Aim To Stamp Out Abuse On Twitter




SYMSA-2007-012.txt

Symantec Vulnerability Research SYMSA-2007-012 - Microsoft Windows CE suffers from an IGMP-related denial of service vulnerability.




MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation

The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcast to an open medium or high integrity command prompt, allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. The broadcast issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, and RT. However, spawning a command prompt with the shortcut key does not work in Vista, so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT to false. The WEB technique will execute a PowerShell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a PowerShell encoded payload directly from the command line, but it may take some time to complete.




MS14-060 Microsoft Windows OLE Package Manager Code Execution

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.




MS14-064 Microsoft Windows OLE Package Manager Code Execution

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as an MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups, such as those using Office 2010 SP1, might be less stable and may sometimes end up with a crash due to a failure in the CPackage::CreateTempFileName function.




MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.






VB-98.07.OpenVMS.LOGINOUT

A potential vulnerability with LOGINOUT for OpenVMS (VAX & ALPHA) V7.1 software has been discovered.




vmshack.zip

VAX/VMS hacking FAQ




vmsguide.zip

User's Guide to VAX/VMS





Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection

Project Open CMS version 5.0.3 suffers from cross site scripting and remote SQL injection vulnerabilities.




X.org Bug Bites OpenBSD And Other Big Operating Systems






IPhone TreasonSMS HTML Injection / File Inclusion

IPhone TreasonSMS suffers from HTML injection and file inclusion vulnerabilities.





Greenfield FDI Performance Index 2019: Serbia storms to top

Research by fDi Intelligence reveals which countries receive more than their ‘expected share’ of FDI. 




FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.




UN Global Compact CEO reaffirms faith in FDI

The CEO of the UN’s Global Compact initiative, Lise Kingo, talks about the sustainability shift in the C-suite, FDI’s role in achieving the SDGs and how CEOs can address common risks.







Kenya Treasury chief ramps up reforms to grow investment

Kenya’s cabinet secretary for the national treasury and planning, Ukur Yatani, discusses the country’s agenda of fiscal reforms and the importance of constructing an east-west Africa highway.




A Twitch Streamer Is Exposing Coronavirus Scams Live






Total.js CMS 12 Widget JavaScript Code Injection

This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.




Reforms could unlock African development, reports McKinsey

Continued African development could hinge on public finance reforms.





Mexico teams up with Singapore to launch Tehuantepec trade corridor

President Obrador aims to mobilise billions in public and private investment to create an alternative to the Panama Canal along the Tehuantepec corridor. 




BlackRock unit aims to boost Asian renewables to $5 billion

BlackRock Real Assets is aiming to boost its renewables power portfolio in Asia by as much as 10-fold as it seeks to keep pace with the world’s fastest-growing region for green energy.




Massachusetts incentivizes energy storage systems for commercial property owners

Commercial property owners with existing energy storage systems, or owners considering implementing an energy storage system, may be able to benefit from a recent order by the Massachusetts Department of Public Utilities (DPU) allowing utility companies to pay customers who agree to rely upon their energy storage systems and dispatch the energy during peak events.




Turkeler and RT Enerji choose supplier for five onshore wind farms in Turkey

Turkeler and RT Enerji have chosen GE Renewable Energy to supply equipment for five onshore wind farms being built in Turkey.




Foreign firms look to make India a global wind turbine export hub

Global wind turbine makers are expanding manufacturing capacity in India to boost exports from the South Asian nation even as the country’s domestic industry faces headwinds.




Walmart sues Tesla over fires linked to rooftop solar systems

Walmart Inc. sued Tesla Inc., claiming it failed to live up to industry standards in the installation of solar panels on top of hundreds of stores, resulting in multiple fires across the U.S.




Bernie Sanders’ ‘Green New Deal’ aims to have renewables power homes by 2030

Bernie Sanders wants renewable energy to power U.S. homes and vehicles by 2030 -- and he wants to do it by enlisting the federal government in building and running new solar, wind and geothermal electricity projects.




Trump says he’s unwilling to risk US energy wealth for windmill ‘dreams’

President Donald Trump said he was not willing to sacrifice the abundant fossil energy wealth of the U.S. on “dreams” such as renewable power.




California aims to fix low-income storage program and deliver new resilience incentives

California’s energy storage incentive program has been a great success, with more than 11,000 battery storage systems installed to-date. The problem is, it’s not reaching the state’s most vulnerable communities. A new proposal from the California Public Utilities Commission (CPUC) aims to fix some of the barriers preventing disadvantaged communities from participating in the program, and it allocates $100 million to a new program designed to offset the cost of battery storage systems for populations threatened by wildfires and related utility power shutoffs.




Xcel Energy seeks changes as ‘value of solar’ rate spike looms in Minnesota

Minnesota’s largest utility wants to change how the state calculates its trailblazing “value of solar” rate as it faces a potential spike in payments to community solar operators.




Why SEPA’s DERMS document is a time- and money-saver for all energy industry stakeholders

In early February, during DistribuTECH, the Smart Electric Power Alliance (SEPA) hosted a workshop to discuss what requirements are necessary for successful distributed energy resource management systems (DERMS) deployment.





Three strategies for building solar and wind energy systems on potentially contaminated lands

Building solar and wind energy projects on potentially contaminated lands can be a golden opportunity, both effective and cost-effective, for developers. The 120-acre Reilly Tar & Chemical Corporation Superfund site was recently redeveloped with a utility-scale solar farm and is a prime example of the reuse potential inherent in thousands of Superfund sites, brownfields, retired power plants, and landfills.




To Save Coal Jobs, Trump Should Train Coal Workers to Perform Energy Audits, Install Solar and Maintain Wind Farms

A recent report by the Energy Futures Initiative (EFI), established by former Energy Secretary Ernest Moniz, and the National Association of State Energy Officials confirms that the energy sector as a whole grew 2 percent last year, which is .3 percent more than the national job growth percentage of 1.7 percent.




New DERMS Partnership Helps Utilities Use Residential Batteries as Virtual Power Plants

This week Autogrid announced that it entered into a partnership with Swell Energy to provide software for managing Swell’s growing fleet of distributed energy resources (DER).




Ohio’s PowerForward Roadmap Aims to Shape the Grid of the Future

A new roadmap for the future of Ohio’s electric grid can benefit all types of interest groups, but the next few years will be critical for the plan to achieve its goals.




Why Commercial Buildings Need to Get Smarter About Energy and How EMS Can Help

New state energy goals and innovative utility program offerings have been making headlines in recent months. These types of regional policies and incentives are important, especially as we face challenges ranging from grid constraints and fluctuating electricity prices to environmental concerns, but significant portions of the country are outside of the direct influence of energy use mandates and incentives.