Recent years have seen a significant increase in the use of unmanned aerial vehicles (UAVs) across a wide range of industries, from agriculture to law enforcement. While UAVs offer numerous benefits, including cost savings, improved safety, and greater efficiency, their increased use has also made them a target for cyberattacks. Now, new research from cybersecurity firm IOActive has found that
Fortinet has issued a warning to its customers that a recently patched vulnerability, identified as CVE-2020-27997, could potentially be a zero-day flaw that may have already been exploited in limited attacks. The severity of the threat prompted Fortinet to confirm that the latest FortiOS and FortiProxy updates address the flaw, which it has described as a critical heap-based buffer overflow
Mandiant, a cybersecurity company, has recently identified the Chinese cyber espionage group UNC3886 exploiting a zero-day vulnerability in the VMware ESXi hypervisor to escalate privileges on guest virtual machines. The group has been observed deploying malicious vSphere Installation Bundles (VIBs) on ESXi hypervisors to gain command execution, file manipulation, and reverse shell capabilities. UNC3886 is known for targeting technology, defense,
Amazon Web Services (AWS), the cloud computing division of Amazon, has released a new DevSecOps service that expands third-party integrations for its existing AI-driven security scanning tool. The new service, called Amazon CodeGuru Security, is a static application security testing (SAST) tool that primarily focuses on automatically detecting security vulnerabilities in Java, Python, and JavaScript code. AWS has positioned the
The rapidly evolving blockchain and cryptocurrency industries have introduced new challenges that require innovation and creativity. Blockchain consensus protocols, such as Proof-of-Work (PoW) and Proof-of-Stake (PoS), have been developed to secure the integrity and validity of blockchain transactions. While each consensus mechanism has its own strengths and weaknesses, the question of which is the best choice continues to spark debates
Managed file transfer (MFT) software is a crucial tool for organizations to securely transfer large or sensitive files. However, a recently patched zero-day vulnerability in MOVEit Transfer, a popular MFT software, has caused significant concerns among its users. Widely exploited zero-day CVE-2023-34362 is a zero-day vulnerability that affected MOVEit Transfer and was widely exploited from May 27, causing alarm bells
Cybercrime has become one of the most pressing global risks in today’s world. According to the World Economic Forum, cybercrime is currently ranked among the top 10 global risks. In light of this, the importance of cybersecurity and the role of cyber professionals in addressing this risk cannot be overstated. Unfortunately, there is a severe talent shortage in cybersecurity, which
Network operations and security are critical components of any organization’s IT infrastructure but are often undervalued, underfunded, and underserved. As a result, cybersecurity threats continue to pose a significant risk to businesses worldwide. In a recent survey of network operations and network security professionals commissioned by Wakefield Research, the majority (62%) of respondents stated that their leadership prioritizes cybersecurity spending
Two Russian nationals have been charged in the United States with hacking the now-defunct cryptocurrency exchange, Mt. Gox, and conspiring to launder its proceeds. The individuals in question are Alexey Bilyuchenko, who is 43 years old, and Aleksandr Verner, who is 29. They have allegedly attempted to launder 647,000 bitcoins following their hack of the Mt. Gox exchange. Alleged Attempted
Security researchers have recently discovered an “easily exploitable” flaw in the Microsoft Visual Studio installer, which could be used by malicious actors to impersonate legitimate publishers and distribute malicious extensions. This vulnerability, known as CVE-2023-28299, was addressed by Microsoft as part of its Patch Tuesday updates for April 2023, but experts warn that the problem could still exist in some
Cryptocurrency enthusiasts around the world are eagerly waiting to see how the market will perform in the upcoming month of June. The crypto market has recently experienced some volatility, which has led to mixed predictions from investors and analysts. In this article, we will provide a glimpse into some of the most talked-about predictions for Bitcoin (BTC), Ethereum (ETH), and
As the world becomes more reliant on software, securing our software supply chains has become increasingly vital. Cybersecurity threats are evolving and becoming more sophisticated, with attackers focusing their efforts on exploiting vulnerabilities in CI/CD pipelines. While DevOps methodologies have improved the speed and quality of software development, the integration of security, known as DevSecOps, is now seen as essential
