An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

Here's a simple way to keep your data safe from potential bad actors in one easy step. Are you ready? Here it is: Log out and lock your computer whenever you're not in front of it.

That's right, it's so simple it can almost be seen as an analog approach to cybersecurity. But make no mistake, all those in-depth disk encryption efforts can be rendered pointless. If you step away from your computer while it's on and unlocked, anyone passing by can access it.

Working Remotely Promotes Data Vulnerability

What's perhaps most insidious about someone gaining physical access to your computer is the fact that the attacker doesn't need any advanced technical know-how to steal sensitive information. A momentary lapse in vigilance at work or a coffee shop can result in a data breach of epic proportions.

Let's say you're working remotely at your favorite café down the street from your apartment and you get up to put in an order for a late breakfast, forgetting to lock your laptop. During that brief moment, a low-key cybervillian could easily stick a USB drive into your computer and copy any sensitive files about you — or your organization — and leave undetected.

Furthermore, if you were logged in to Gmail, your medical records, or your bank account, that malefactor could wreak havoc on your personal and professional life in a matter of minutes.

Tips for Protecting Yourself

The good news about all of this is that warding off these types of would-be data plunderers is really, really easy — it's simply a matter of using your operating system's screen locking functionality. If you don't want to do this, then at the very least you should log out of any sensitive online accounts whenever you step away from your machine.

For each of the following options, be sure you are aware of the password connected to your user login before locking yourself (or anyone else) out.

Screen Locking in Microsoft Windows

• Press Ctrl+Alt+Delete and select Lock this computer
• Press Windows+L

Either of these will lock your computer and require a password to log back in. You can choose Control Panel > Personalization > Screen Saver Settings and set up a screen saver that provides a login screen to get back in once it's been initiated.

Screen Locking in macOS

• On an external keyboard or older laptops, press Ctrl+Shift+Eject
• On a MacBook Air or Pro Retina, press Ctrl+Shift+Power

You can also go to System Preferences > Security & Privacy > General and select Require password immediately after sleep or screen saver begins (provided you have already set up a screen saver by clicking System Preferences > Desktop & Screen Saver).

Additional Cybersecurity Resources

• Find out how to recognize suspicious emails and protect yourself against malware through better password security
• Check out our recent post on the future of security threats

Get more security tips from the National Cyber Security Alliance. National Cyber Security Awareness Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

Image: National Cyber Security Alliance

spanhidden

Announced greenfield projects into China plummeted in early 2020 with the US and Europe taking the lion's share of global foreign investment. 

London is crowned best major city in Europe in fDi's FDI Strategy category, with Glasgow, Vilnius, Reykjavik and Galway also winning out.

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.

This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.

The documentary "American Factory" tells us communities need to go beyond the job creation narrative when it comes to attracting foreign investment. 

Steve Armitage, general manager of destination at Auckland Tourism, Events and Economic Development explains why the New Zealand city’s international profile is growing so fast.

German chemical giant BASF has begun construction of its $10bn mega project in southern China, which will be the country’s first wholly foreign-owned chemical complex. 

Edmund Bartlett, Jamaica’s minister of tourism, talks about key investment opportunities and the need for better international reporting when natural disasters strike.

JinkoSolar Holding Co., the world’s biggest solar panel maker, sees China’s photovoltaic power additions slumping this year and a greater share of its revenue coming from overseas amid uncertainties over Beijing’s new policies.

Bolivian President Evo Morales has inaugurated the 69-MW San Jose II Hydroelectric Power Plant in the municipality of Colomi, department of Cochabamba.

Eos Energy Storage is manufacturer and supplier of the zinc-based Aurora 2.0 battery system for Duke Energy's McAlpine substation and as a behind-the-meter solution at the University of California, San Diego. 

Jose Maria Romay, general manager of Corani (a subsidiary of Ende), has announced the company is seeking financing from Latin American development bank CAF and French development agency AFD for the 147-MW Banda Azul hydro project.

While the industry is welcoming more women leaders, its rank-and-file workforce is still a lot like those at fossil-fuel companies: white and dominated by men. The lack of gender diversity is being driven by manufacturing jobs, and that means women are now missing out on the biggest jobs boom America has to offer.

Homeowners and businesses may now have an easier time getting solar panels on rooftops thanks to software developed at Sandia.

Last week, the New Jersey Board of Public Utilities announced it selected Ocean Wind, an offshore wind energy project proposed by Ørsted with support from PSEG, to develop an 1,100 MW offshore wind farm. Ocean Wind will be located 15 miles off the coast of Atlantic City. Construction is expected to commence in the early 2020s, with the wind farm operational in 2024.

8minute Solar Energy, NV Energy and the Moapa Band of Paiutes announced that NV Energy selected 8minute to develop the largest solar plus storage project ever built in Nevada and one of the largest in the world.

The Massachusetts Department of Public Utilities has issued an order approving long-term contracts for 9,554,940 MWh annually of hydropower between H.Q. Energy Services (U.S.) Inc. and the Commonwealth’s electric distribution companies through the New England Clean Energy Connect 100% Hydro project (NECEC Hydro).

Dominion Energy has begun construction on the Coastal Virginia Offshore Wind (CVOW) project, which will feature two 6-MW wind turbines and power about 3,000 homes.

The Clean Power Alliance (CPA) has signed three long-term power purchase agreements, including two new solar projects and one existing small hydro project.

The projects include a 999-MW wind facility being built north of Weatherford, a 287-MW wind facility being built southwest of Enid, and a 199-MW facility being built south of Alva. They are being developed by Invenergy.

Turkeler and RT Enerji have chosen GE Renewable Energy to supply equipment for five onshore wind farms being built in Turkey.

The Lockett Wind farm in Wilbarger has the potential to generate more than 700,000 MWh of renewable energy per year, enough to power the equivalent of 70,000 homes. 

Governor Andrew M. Cuomo has announced that the New York Power Authority is launching a 15-year modernization and digitization program to significantly extend the operating life of the Niagara Power Project.

The Skeleton Creek project will be located in three Oklahoma counties

This week, San José’s Community Choice Aggregator (CCA) which is called San José Clean Energy (SJCE) and EDP Renewables SA (EDPR), through its fully owned subsidiary EDP Renewables North America LLC (EDPR NA), signed a 20-year power purchase agreement (PPA) for 100 MW of new solar energy capacity and 10 MW of battery storage at the Sonrisa Solar Park in Fresno County, California. The project is anticipated to be operational in 2022.

The Trump administration cast the fate of the nation’s first major offshore wind farm into doubt by extending an environmental review for the $2.8 billion Vineyard Wind project off Massachusetts.

The International Energy Agency (IEA) recently released a major new report on hydrogen, underscoring the remarkable political and business momentum surrounding the fossil fuel alternative, and touting its potential as a vital component of global efforts to build a “clean, secure, and affordable energy future.” The report takes a bold and prescient stance, and has rightfully inspired a torrent of press coverage about the future of hydrogen and its role in the renewable energy mix.

Lekela announced that it has reached financial close on its first wind project in Egypt, West Bakr Wind. Construction will begin shortly, delivering 250 MW of clean, reliable power at a highly competitive price.

Duke Energy Renewables, a subsidiary of Duke Energy, announced that nine solar projects developed with SolAmerica Energy totaling 14.1 megawatts (MW) have begun commercial operations across central Georgia under Georgia Power’s Renewable Energy Development Initiative. These projects bring Duke Energy Renewables, operating through its REC Solar business unit, to 27.4 MW of solar projects in Georgia.

The U.S. land-based wind industry installed 7,588 MW of capacity last year, bringing the overall utility-scale total to more than 96 GW. 

This week Aman, Jordan-based Philadelphia Solar announced that the 8.2-MW solar PV project that it installed at the Abdali Medical Center in Jordan has entered commercial operation.

The Federal Energy Regulatory Commission in the U.S. has issued an original operating license to Kenai Hydro LLC for its proposed 5-MW Grant Lake Hydroelectric Project in Kenai Peninsula Borough, Alaska.

A utility worker at the Delta 6 wind park in Brazil has been injured following yet another collapse of a General Electric (GE) turbine, bringing the total number of turbines to have failed in the America’s to five in 2019.

France’s Neoen SA has outlined plans to build a giant renewables complex in South Australia, including battery storage with up to nine times more capacity than the Tesla Inc. design at its nearby Hornsdale plant, which is billed as the world’s largest lithium-ion battery.

Eos Energy Storage and energy equipment firm Holtec International are creating a joint venture to produce Eos’ next generation of large-scale zinc batteries.

This week independent power producer Marubeni and LO3 Energy said they have started a pilot project in Japan where LO3 will administer an energy marketplace using blockchain to connect a number of Marubeni’s power production facilities, including renewables, with offices and factories around Japan in a virtual marketplace. The project will simulate energy transactions to test the viability of the concept with the ultimate goal of creating a full-scale commercially operational network in the future.

This week LONGi announced that it would be supplying modules to what it says is the largest “bifacial+tracker” power generation project in the United States. The 224-MW project will be built in Mitchell County, Georgia and is expected to be complete this year.

As renewable energy proliferates, major players like Hitachi, ABB and GE are seeing value in combining grid and generation business units.

Pennsylvania is promoting a new roadmap to electrify transportation by designing policies and setting targets to get more electric vehicles on the roads.