Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Void Balaur explained—a stealthy cyber mercenary group that spies on thousands

REvil ransomware explained: A widespread extortion operation

The REvil group, a.k.a. Sodinokibi, re-victimizes its targets by threatening to release stolen data even after the initial ransom demand is paid.

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk

The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.

BusyBox flaws highlight need for consistent IoT updates

Some of the 14 vulnerabilities could result in remote code execution or denial of service attacks.

Update and isolate your Nagios servers now

Recently discovered vulnerabilities in Nagios servers could give attackers broad access to systems and data if exploited.

Stealthy Trojan that roots Android devices makes its way on app stores

The criminals behind the Trojan have placed fully functional utilities that carry malicious code on the Google Play store in a way that evades detection.

Conti ransomware explained: What you need to know about this aggressive criminal group

The Conti ransomware group is less likely to help victims restore encrypted files and more likely to leak exfiltrated data.

Russian cyberspies target cloud services providers and resellers to abuse delegated access

A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.

Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

The attackers used the exploit to deploy a new remote shell Trojan called MysterySnail.

Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan

The MalKamak group has been running its Operation GhostShell campaign for at least three years unnoticed.

APT29 targets Active Directory Federation Services with stealthy backdoor

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.
