UNITED STATES
×
Close
Lucian Constantin

Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

The Latest from Lucian
Researchers find new ICS malware toolkit designed to cause electric power outages
News Analysis

Researchers find new ICS malware toolkit designed to cause electric power outages

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups
News Analysis

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Research shows a shift toward advanced persistent threat actors compromising smaller organization, in part to enable other attacks.

Credential harvesting tool Legion targets additional cloud services
News Analysis

Credential harvesting tool Legion targets additional cloud services

Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.

Legitimate looking npm packages found hosting TurkoRat infostealer
News Analysis

Legitimate looking npm packages found hosting TurkoRat infostealer

The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.

Critical remote code execution flaws patched in Cisco small business switches
News Analysis

Critical remote code execution flaws patched in Cisco small business switches

Some of the vulnerabilities could lead to complete compromise of the device as a proof of concept is publicly available.

Researchers show ways to abuse Microsoft Teams accounts for lateral movement
News Analysis

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

Attackers have several ways to enable lateral movement within a network via a compromised Teams account.

New ransomware gang RA Group quickly expanding operations
News Analysis

New ransomware gang RA Group quickly expanding operations

The RA Group uses double extortion and has detailed information on its victims.

Israeli threat group uses fake company acquisitions in CEO fraud schemes
News Analysis

Israeli threat group uses fake company acquisitions in CEO fraud schemes

The group targets multinational firms using email display name spoofing and multiple fake personas.

Microsoft fixes bypass for critical Outlook zero-click flaw patch
News Analysis

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft rates the new Outlook vulnerability as medium severity, but Akamai researchers say it should be higher.

New ransomware group CACTUS abuses remote management tools for persistence
News Analysis

New ransomware group CACTUS abuses remote management tools for persistence

The CACTUS cybercriminal group targets VPN appliances for initial access and to install a backdoor.

Azure API Management flaws highlight server-side request forgery risks in API development
News Analysis

Azure API Management flaws highlight server-side request forgery risks in API development

New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.

Attacks increasingly use malicious HTML email attachments
News Analysis

Attacks increasingly use malicious HTML email attachments

New research shows that up to a half of all HTML email attachments are malicious, and not just because of a few massive campaigns.

Load More