Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

SASE is coming, but adoption will be slow (especially for large enterprises)

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors.

FBI cleans web shells from hacked Exchange servers in rare active defense move

FBI cleans web shells from hacked Exchange servers in rare active defense move

The FBI has been deleting backdoors placed by cyberespionage group Hafnium on Microsoft Exchange servers. The court order allowing them to do so signals a more active defense approach.

How data poisoning attacks corrupt machine learning models

How data poisoning attacks corrupt machine learning models

Data poisoning is a type of attack that involves tampering with and polluting a machine learning model's training data, impacting the model's ability to produce accurate predictions.

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims' LinkedIn profiles.

PHP backdoor attempt shows need for better code authenticity verification

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Cloudflare wants to be your corporate network backbone with centralized management and security

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

Ryuk ransomware explained: A targeted, devastatingly effective attack

Ryuk ransomware explained: A targeted, devastatingly effective attack

Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.

5 questions CISOs should be able to answer about software supply chain attacks

5 questions CISOs should be able to answer about software supply chain attacks

The SolarWinds attack put a spotlight on the threats that compromised third-party software present organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.

New free software signing service aims to strengthen open-source ecosystem

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption

The partnership aims to improve performance and accuracy of FHE to make it practical for business and government to better protect confidential data in the cloud.

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.

Load More