Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Microsoft urges Windows customers to patch wormable RDP flaw

The second Meltdown: New Intel CPU attacks leak secrets

Intel has implemented some mitigations for these vulnerabilities, which can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can gain full, persistent access.

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attackers are seeking vulnerable servers to target for attacks.

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

What is the EU's revised Payment Services Directive (PSD2) and its impact?

The upcoming PSD2 requirements, which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.

Group behind TRITON industrial sabotage malware made more victims

The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.

Cybercrime groups raise the bar for security teams by borrowing APT techniques

Cyber criminals now have access to more nation-state technology to launch more sophisticated advanced persistent threat attacks. That's bad news for defenders.

Critical Magento SQL injection flaw could be targeted by hackers soon

Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.

ASUS users fall victim to supply chain attack through backdoored update

Attackers hijack ASUS's auto-update process to deliver malware. Preventing such attacks is difficult, but vendors and their customers can do more to mitigate the risk.

Magecart payment card skimmer gang returns stronger than ever

Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.
