Medical Billing Firm Medusind Says Data Breach Impacts 360,000 People
Florida-based medical and dental billing and revenue cycle management company Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals. The company, which serves thousands of healthcare providers, revealed in letters sent to affected individuals that it discovered an intrusion on December 29, 2023. An investigation conducted with the aid […]
Read More
GFI KerioControl Firewall Vulnerability Exploited in the Wild
Threat actors are exploiting a recently disclosed GFI KerioControl firewall vulnerability that leads to one-click remote code execution (RCE), threat intelligence firm GreyNoise warns. GFI KerioControl is a network security solution that provides firewall functionality and unified threat management capabilities, including threat detection and blocking, traffic control, intrusion prevention, and VPN features. The exploited issue, […]
Read More
SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls
SonicWall this week announced patches for multiple vulnerabilities in its firewalls, including two high-severity flaws that could lead to authentication bypass. Tracked as CVE-2024-40762, the first issue exists because the authentication token generator in SonicOS versions running on tens of SSL-VPN firewalls uses a cryptographically weak pseudo-random number generator (PRNG) that could be predicted by […]
Read More
The ‘Worst in Show’ CES Products Put Your Data at Risk and Cause Waste, Privacy Advocates Say
So much of the technology showcased at CES includes gadgets made to improve consumers’ lives — whether by leveraging AI to make devices that help people become more efficient, by creating companions to cure loneliness or by providing tools that help people with mental and physical health. But not all innovation is good, according to […]
Read More
From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025
As we look ahead to the New Year and think about what we are going to prioritize from a security and threat intelligence perspective, it struck me that it is the same problem of old with which we are challenged: collaborating and communicating more effectively to share vital intelligence in the face of ever-growing threats […]
Read More
Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool
Palo Alto Networks on Wednesday announced patches for multiple vulnerabilities in the Expedition migration tool, including a high-severity bug leading to sensitive information disclosure. A free tool previously known as the Migration Tool, Expedition allows organizations to migrate from other firewall vendors to the Palo Alto Networks NGFW platform. Designed as a temporary migration solution […]
Read More
Excelsior Orthopaedics Data Breach Impacts 357,000 People
Excelsior Orthopaedics is notifying approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024. Operating several clinics in Amherst, New York, including the Buffalo Surgery Center and Northtowns Orthopaedics, Excelsior Orthopaedics is a healthcare company that specializes in […]
Read More
Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies
Google Cloud’s Mandiant has linked the exploitation of a newly patched Ivanti VPN zero-day vulnerability to Chinese cyberspies. Ivanti alerted customers on Wednesday that two vulnerabilities, tracked as CVE-2025-0282 and CVE-2025-0283, have been patched in its Connect Secure (ICS) VPN appliances. CVE-2025-0282, a critical stack-based buffer overflow that allows unauthenticated remote attackers to execute arbitrary […]
Read More
Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product
Embattled IT software vendor Ivanti on Wednesday raised an alarm for a pair of remotely exploitable vulnerabilities in its enterprise-facing products and warned that one of the bugs has already been exploited in the wild. The high-severity vulnerabilities, tagged as CVE-2025-0282 and CVE-2025-0283, allow unauthenticated remote attackers to launch code execution and privilege escalation attacks. […]
Read More
Telegram Shared Data of Thousands of Users After CEO’s Arrest
Following the arrest of its CEO last summer, Telegram has been increasingly sharing user data at the request of authorities, according to data collected by researchers. French authorities arrested Telegram CEO Pavel Durov, a dual citizen of France and Russia, in August 2024 as part of an investigation into criminal activities facilitated by the privacy-focused […]
Read More