Cybersecurity Alerts, News, and Tips

Two kids found a screensaver bypass in Linux Mint

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its […]
The post Two kids found a screensaver bypass in Linux Mint appeared first on Security Affairs.


Steps to Improve Cybersecurity as Your Employees Return to the Workplace

It is likely that after working remotely for over a year, companies around the world will soon expect their employees to return to the office.
Whether you are working from home or the office, it is smart to consider a few cybersecurity best practices so that you and your employees do not become targets of a malicious actor.


Using Server-Side Encrypt Data AWS KMS to Integrate With Mule-4 AWS-S3 Connector

Purpose
To demonstrate MuleSoft integration with an S3 bucket that has KMS server-side encryption enabled.
Table of Contents

What is AWS KMS?
Key Rotation.
AWS configuration for KMS and S3 Bucket.
Mule 4 connector configuration.
Tutorial video.

Scenarios

Publish data to the S3 bucket while server-side encryption is enabled on the bucket.
Publish data to the S3 bucket while server-side encryption is disabled on the bucket.

What Is AWS KMS?
AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and manage the encryption keys used to encrypt data.


Siemens fixed tens of flaws in Siemens Digital Industries Software products

Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […]
The post Siemens fixed tens of flaws in Siemens Digital Industries Software products appeared first on Security Affairs.


Joker’s Stash, the largest carding site, is shutting down

Joker’s Stash to shut down on February 15, 2021. Joker’s Stash, the largest carding marketplace online, announced that it was shutting down its operations on February 15, 2021. Joker’s Stash, the largest carding marketplace online, announced that its operations will shut down on February 15, 2021. The administrator announced the decision via messages posted on […]
The post Joker’s Stash, the largest carding site, is shutting down appeared first on Security Affairs.


Shifting Left: A Penetration Tester’s Journey to the Code Analysis Camp

Most of you know me as an offensive security gal. The fact that I decided to join a SAST team frankly surprised me, as well. Now that I have officially started my job at ShiftLeft, I am taking this moment to reflect on how I got here and how I see the future of application security.
Confessions of a Newbie Web Developer
I started my career as a web developer. And I absolutely loved it! I loved building tools that solve someone else’s problems. And there is no feeling like seeing your vision materialize right in front of your eyes.


Signal is down for multiple users worldwide

The popular messaging app Signal is currently facing issues around the world; users are not able to make calls and send/receive messages. At the time of this writing, it is not possible to make calls and send/receive messages. Users who attempted to send messages via the messaging app were seeing a loading screen and after it […]
The post Signal is down for multiple users worldwide appeared first on Security Affairs.



BrandPost: Creating a Zero Trust Foundation

To prevent security breaches and data loss, organizations have directed a lot of time, effort, and capital spend toward security initiatives. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed equal if not greater threats within. To help counter this internal threat, organizations have invested heavily in internal monitoring and other advanced security controls that inspect traffic at all layers of the OSI stack to identify malicious activity and stop it before it reaches the destination, or to issue an alert on the activity alone. While these initiatives have been helpful, they rely on a connection first being malicious or a trigger on a pre-established set of criteria before any bells and whistles sound or prevention techniques are applied. As more and more technologies and controls are thrown at the problem, networks have become a chaotic mess of watchers, gatekeepers, and agents, with legitimate business traffic trying to navigate its way through it all. Yet breaches are still occurring at an alarming rate, leaving organizations looking to a different approach.