cat

HP Data Protector Encrypted Communication Remote Command Execution

This Metasploit module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell so will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.




cat

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.




cat

Hashcat Advanced Password Recovery 4.0.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 4.0.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 4.0.1 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 4.0.1 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 4.1.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 4.1.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 4.2.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 4.2.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 4.2.1 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 4.2.1 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 5.0.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 5.0.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.




cat

Hashcat Advanced Password Recovery 5.1.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.




cat

Hashcat Advanced Password Recovery 5.1.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.







cat

iOS Application (In)Security

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but also provides in-depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.




cat

Cacti 1.2.8 Unauthenticated Remote Code Execution

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.




cat

Centreon Poller Authenticated Remote Command Execution

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules (to perform certain actions), by the scheduler for data processing, etc. This module uses this functionality to obtain a remote shell on the target.




cat

Fintech Locations of the Future 2019/20: London tops first ranking

London has been named fDi’s inaugural Fintech Location of the Future for 2019/20, followed by Singapore and Belfast. 




cat

Tourism Locations of the Future 2019/20 – FDI Strategy

Australia tops the FDI Strategy category of fDi's Tourism Locations of the Future 2019/20 rankings, followed by Costa Rica and Azerbaijan.




cat

DAWIN - Distributed Audit and Wireless Intrusion Notification

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.




cat

DAWIN - Distributed Audit and Wireless Intrusion Notification 2.0

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.




cat

Teltonika RUT9XX Unauthenticated OS Command Injection

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.




cat

FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure

The FLIR Brickstream 3D+ sensor is vulnerable to an unauthenticated config download and file disclosure when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.




cat

Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass

Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.




cat

ABB IDAL HTTP Server Authentication Bypass

The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an authenticated state and return the session ID along with the username and plaintext password of the user. An attacker can then log in with the provided credentials or supply the string 'IDALToken=......' in a cookie which will allow them to perform privileged operations such as restarting the service with /cgi/restart.




cat

D-Link DIR-859 Unauthenticated Remote Command Execution

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.





cat

Kuwait pins hopes on diversification with Vision 2035

Kuwait's National Vision 2035 has economic diversification at its heart. This move from hydrocarbon reliance to other sectors is attracting investor attention, as Wendy Atkins reports.




cat

Dublin tops European HQ location rankings

The UK is the top country, but Dublin is the leading city, for foreign companies setting up headquarters in Europe, according to fDi’s ranking.




cat

Solar industry, advocates hail New York passage of ambitious climate bill

New York’s Climate Leadership and Community Protection Act passed the Assembly early in the morning of June 20 and will now await the governor’s signature. Solar advocates praised the state legislature’s adoption of long-anticipated legislation that will require at least 70 percent of electric generation to come from renewable sources by 2030 and provide needed funding to low-income and environmental justice communities.




cat

Educating today’s utilities about tomorrow’s innovations

Last week in San Antonio, Texas, about 150 DISTRIBUTECH stakeholders convened to discuss industry trends and best practices for marketing and sales in the utility industry and to set the educational agenda for the 2020 event.




cat

Understanding ‘safe harbor’ for extending your 30 percent solar ITC qualification

Just after the midnight hour of New Year’s Eve 2020, more than confetti will be abandoned on America’s sidewalks and parlors. Somewhere around $130 million of Investment Tax Credit (ITC) from that year’s anticipated Commercial & Industrial solar projects will fall out from any hope of reaching the proverbial pocketbooks of the nation’s infrastructure investors (assuming 2000MW of C&I and Community solar, and a $2/w installation cost). On 1/1/20, the ITC drops to 26 percent, a first step to further decrease the following year.




cat

Get ‘renewable therapy’ during next week’s Solar Education Week

The Redford Center, a California-based non-profit co-founded in 2005 by Robert Redford and his son, James, announced that every morning, from April 15-22, 2019, the organization will post an episode a day of "Renewable Therapy for Climate Anxiety," a conversational mini-series featuring filmmaker James Redford and Matthew Nordan, clean energy investor and managing partner at MNL Partners. In each two-minute installment, the pair explores questions that nag environmentalists when it comes to renewable energy. Watch the first episode below.




cat

Six schools in Minnesota saving money, boosting education with solar

New Energy Equity, Region Five Development Commission (R5DC) and Rural Renewable Energy Alliance (RREAL) last week announced a partnership to develop six solar arrays, totaling 1.5 MW, for Pine River-Backus and Pequot Lakes school districts and Central Lakes College.




cat

Mock REST Backend Server for Angular and React Applications.

As promised, I am continuing the Angular/Ionic project series. From a developer's perspective, a mock server is the most important thing for making progress in development. We should not depend on the production or development API for front-end development. This post is about creating a simple Node Express server with mock JSON object files. You can import the project into any front-end application, such as Angular, React, Ionic and VueJS projects.





cat

Ionic 5 and Angular 8: Restful API User Authentication Login and Signup using Guard and Resolver

This is a continuation of my previous article on creating an Ionic Angular project with a welcome and tabs home page. Today’s post explains how to implement a login authentication system for your Ionic Angular application with guards and resolvers. It will show you how to log in with a user, store the user data and protect the routes, so it deals with token-based authentication. All user details will be stored in an external database, and a PHP-based API is used in the backend to handle this authentication.





cat

Report: $2.4 Trillion Clean Energy Investment Needed To Avoid Climate Catastrophe

The world must invest $2.4 trillion in clean energy every year through 2035 and cut the use of coal-fired power to almost nothing by 2050 to avoid catastrophic damage from climate change, according to scientists convened by the United Nations.




cat

Global Electrification Goals Are Driving Microgrid Market

According to the Microgrid Market Growth Potential - Industry Size Outlook Report 2024, the microgrid market is expected to reach $19 billion by 2024, nearly five times the original valuation of this business space in 2016.








cat

IHA re-elected to steering committee of REN21, advocating for hydropower

The International Hydropower Association has been re-elected to the steering committee of the Renewable Energy Policy Network for the 21st Century (REN21).




cat

Dedication ceremony held for 105-MW Meldahl hydroelectric plant in Kentucky

American Municipal Power and the city of Hamilton held a dedication ceremony for the 105-MW Meldahl hydroelectric plant on June 2.




cat

Developers of 99.9-MW Glyn Rhonwy pumped-storage project withdraw permit applications

Hydroelectric power developer Snowdonia Pumped Hydro has withdrawn its application for environmental permits for the 99.9-MW Glyn Rhonwy pumped-storage plant from Natural Resources Wales.




cat

Indian Cabinet approves US$854.4 million investment for 900-MW Arun 3 hydropower project located in Nepal

India’s Cabinet Committee on Economic Affairs announced today it has approved investment for the generation component of the 900-MW Arun 3 hydropower project on Arun River in Sankhuwasabha district of eastern Nepal, for an estimated Rs. 5723.72 crore (US$854.4 million).
 








cat

Advocates want next phase of ComEd microgrid powered by renewables

Stakeholders including clean energy and community groups are watching closely as ComEd begins the second phase of a microgrid pilot project in Chicago.