Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Researchers found security pitfalls in IBM’s cloud infrastructure

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

What is Ransom Cartel? A ransomware gang focused on reputational damage

What is Ransom Cartel? A ransomware gang focused on reputational damage

The group combines data encryption with data theft and threatens to release stolen information on their website. But Ransom Cartel ups its game by threatening to send sensitive information to victim’s partners, competitors, and news...

Here is why you should have Cobalt Strike detection in place

Here is why you should have Cobalt Strike detection in place

Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams. Cobalt Strike is among the attack frameworks used by red teams and cyber specialists should be on...

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.

Online retailers should prepare for a holiday season spike in bot-operated attacks

Online retailers should prepare for a holiday season spike in bot-operated attacks

On the naughty list this year are a host of bad actors employing a huge variety of different bot attacks that can have a big impact on retail websites. Fortunately, there are steps cybersecurity professionals can take to mitigate the...

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

OpenSSL project patches two vulnerabilities but downgrades severity

OpenSSL project patches two vulnerabilities but downgrades severity

The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.

With Conti gone, LockBit takes lead of the ransomware threat landscape

With Conti gone, LockBit takes lead of the ransomware threat landscape

Two new reports show LockBit is now the dominate ransomware choice thanks to a void left by Conti and updated code.

Attackers switch to self-extracting password-protected archives to distribute email malware

Attackers switch to self-extracting password-protected archives to distribute email malware

This variation on an old technique does not require the victim to provide a password to execute the malware.

Supply chain attacks increased over 600% this year and companies are falling behind

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants

New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants

Alchimist is easy to deploy and gives attackers a large suite of functionalities with which they can wreak havoc.

Load More