Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
Macy’s breach is a game-changing Magecart attack
The attackers customized the Magecart code to the Macy's website to steal credit card information in the wallet and new registrations.
Hackers use free tools in new APT campaign against industrial sector firms
Attackers seek to make attribution harder and use sophisticated, realistic spear-phishing emails.
Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves
By manipulating the voltage of Intel CPUs that use SGX, researchers can extract sensitive data, including full RSA encryption keys, from memory using the Plundervolt vulnerability.
Cryptominers and fileless PowerShell techniques make for a dangerous combo
This new dual-payload cryptojacking malware can disable Windows Antimalware Scan Interface and inject itself directly into memory of legitimate processes.
Emergent Android banking Trojan shows app overlay attacks are still effective
By taking code from another Android Trojan, Anubis, the Ginp malware has enhanced itself and has begun targeting banks.
Is your MSP an insider threat?
Managed services providers and managed security services providers (MSSPs) are attracting attention from attackers, who see them as a gateway to access their clients' networks. Follow this advice to minimize the risk.
How to secure your router and home network
Many users don't realize it, but their internet router is the most important electronic device in their home and is an attractive target for attackers.
Web payment card skimmers add anti-forensics capabilities
The newly discovered Pipka script can delete itself from a website after execution, making it very difficult to detect.
Defenders can discover phishing sites through web analytics IDs
Many phishing websites are now using unique user IDs (UIDs), and that gives defenders a signal to detect phishing attacks before they do much damage.
Attackers phish Office 365 users with fake voicemail messages
Recent phishing campaigns have combined a clever use of fake voicemail, phony Microsoft email, and off-the-shelf phishing kits to target high-value victims.
