Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

REvil ransomware explained: A widespread extortion operation

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

The attackers used the exploit to deploy a new remote shell Trojan called MysterySnail.

Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan

The MalKamak group has been running its Operation GhostShell campaign for at least three years unnoticed.

APT29 targets Active Directory Federation Services with stealthy backdoor

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.

Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

The automated bots are highly successful because they effectively emulate legitimate service providers.

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.

How APTs become long-term lurkers: Tools and techniques of a targeted attack

A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.

Critical flaw in Atlassian Confluence actively exploited

The remote code execution vulnerability was recently patched for affected versions of Atlassian Confluence Server and Data Center; users are advised to apply the patch or upgrade.

Cosmos DB users advised to regenerate their keys following serious vulnerability

The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.

How ransomware runs the underground economy

Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal...

LockFile ransomware uses intermittent encryption to evade detection

This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.
