Italy’s Premier Giorgia Meloni said Thursday that her government is in talks with several private companies, including Elon Musk’s SpaceX, over the country’s telecoms security system, but denied having discussed the issue privately with Musk. “I never talked about this with Musk. It’s not my habit to use my public role to do favors to […]
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, […]
The Banshee macOS information stealer has been updated to expand its target list to systems using the Russian language, cybersecurity firm Check Point reports. Banshee was first seen in mid-2024, when it was advertised on cybercrime forums for $3,000 per month, and is believed to have been created by Russian developers. The malware can collect […]
Healthcare and substance abuse treatment provider BayMark Health Services has started notifying patients that their personal information was stolen in a data breach resulting from a ransomware attack. The Texas-based company runs one of the largest addiction treatment services in the US, operating roughly 200 facilities and over 380 programs in 35 states, and treating […]
A new phishing campaign relies on legitimate links to trick victims into logging in and giving attackers control of their PayPal accounts, Fortinet warns. The phishing emails inform the intended victim of a payment request, providing legitimate-looking details, such as an amount and transaction ID, and even contain warnings that one would typically find in […]
A research project targeting vulnerabilities in widely used content access and protection technology from Microsoft raises some questions over certain aspects of responsible disclosure. For the past several years, Adam Gowdiak, founder and CEO of AG Security Research (formerly Security Explorations) has been looking into the security of digital content, specifically video streaming platforms. Gowdiak […]
Darktrace on Thursday announced the “proposed acquisition” of UK-based incident investigation and response firm Cado Security. Financial terms have not been disclosed for the deal that is expected to be completed in February, but the Australian Financial Review (AFR) reported (paywalled link) that Darktrace will pay an estimated $50 million to $100 million, subject to […]
Florida-based medical and dental billing and revenue cycle management company Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals. The company, which serves thousands of healthcare providers, revealed in letters sent to affected individuals that it discovered an intrusion on December 29, 2023. An investigation conducted with the aid […]
Threat actors are exploiting a recently disclosed GFI KerioControl firewall vulnerability that leads to one-click remote code execution (RCE), threat intelligence firm GreyNoise warns. GFI KerioControl is a network security solution that provides firewall functionality and unified threat management capabilities, including threat detection and blocking, traffic control, intrusion prevention, and VPN features. The exploited issue, […]
SonicWall this week announced patches for multiple vulnerabilities in its firewalls, including two high-severity flaws that could lead to authentication bypass. Tracked as CVE-2024-40762, the first issue exists because the authentication token generator in SonicOS versions running on tens of SSL-VPN firewalls uses a cryptographically weak pseudo-random number generator (PRNG) that could be predicted by […]