A research project targeting vulnerabilities in widely used content access and protection technology from Microsoft raises some questions over certain aspects of responsible disclosure. For the past several years, Adam Gowdiak, founder and CEO of AG Security Research (formerly Security Explorations) has been looking into the security of digital content, specifically video streaming platforms. Gowdiak […]

Darktrace on Thursday announced the “proposed acquisition” of UK-based incident investigation and response firm Cado Security.  Financial terms have not been disclosed for the deal that is expected to be completed in February, but the Australian Financial Review (AFR) reported (paywalled link) that Darktrace will pay an estimated $50 million to $100 million, subject to […]

Florida-based medical and dental billing and revenue cycle management company Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals. The company, which serves thousands of healthcare providers, revealed in letters sent to affected individuals that it discovered an intrusion on December 29, 2023.  An investigation conducted with the aid […]

Threat actors are exploiting a recently disclosed GFI KerioControl firewall vulnerability that leads to one-click remote code execution (RCE), threat intelligence firm GreyNoise warns. GFI KerioControl is a network security solution that provides firewall functionality and unified threat management capabilities, including threat detection and blocking, traffic control, intrusion prevention, and VPN features. The exploited issue, […]

SonicWall this week announced patches for multiple vulnerabilities in its firewalls, including two high-severity flaws that could lead to authentication bypass. Tracked as CVE-2024-40762, the first issue exists because the authentication token generator in SonicOS versions running on tens of SSL-VPN firewalls uses a cryptographically weak pseudo-random number generator (PRNG) that could be predicted by […]

So much of the technology showcased at CES includes gadgets made to improve consumers’ lives — whether by leveraging AI to make devices that help people become more efficient, by creating companions to cure loneliness or by providing tools that help people with mental and physical health. But not all innovation is good, according to […]

As we look ahead to the New Year and think about what we are going to prioritize from a security and threat intelligence perspective, it struck me that it is the same problem of old with which we are challenged: collaborating and communicating more effectively to share vital intelligence in the face of ever-growing threats […]

Palo Alto Networks on Wednesday announced patches for multiple vulnerabilities in the Expedition migration tool, including a high-severity bug leading to sensitive information disclosure. A free tool previously known as the Migration Tool, Expedition allows organizations to migrate from other firewall vendors to the Palo Alto Networks NGFW platform. Designed as a temporary migration solution […]

Excelsior Orthopaedics is notifying approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024. Operating several clinics in Amherst, New York, including the Buffalo Surgery Center and Northtowns Orthopaedics, Excelsior Orthopaedics is a healthcare company that specializes in […]

Google Cloud’s Mandiant has linked the exploitation of a newly patched Ivanti VPN zero-day vulnerability to Chinese cyberspies. Ivanti alerted customers on Wednesday that two vulnerabilities, tracked as CVE-2025-0282 and CVE-2025-0283, have been patched in its Connect Secure (ICS) VPN appliances.  CVE-2025-0282, a critical stack-based buffer overflow that allows unauthenticated remote attackers to execute arbitrary […]