Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Chaos ransomware explained: A rapidly evolving threat

Two account compromise flaws fixed in Strapi headless CMS

The vulnerabilities allow attackers to use a low-privilege account to reset the password of a higher-privilege account.

Google to launch repository service with security-tested versions of open-source software packages

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.

Stealthy Linux implant BPFdoor compromised organizations globally for years

The China-linked backdoor takes advantage of the Berkeley Packet Filter on Unix systems to hide its presence.

Chinese APT group Mustang Panda targets European and Russian organizations

Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.

Chinese APT group Winnti stole trade secrets in years-long undetected campaign

The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.

New malware loader Bumblebee adopted by known ransomware access brokers

The Bumblebee downloader has deployed open-source penetration testing tools like Cobalt Strike and is delivered through spear-phishing campaigns.

Why you should patch the latest critical Windows RPC vulnerability right now

CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.

Serious flaws allow the hijacking of autonomous logistics robots used in hospitals

The now patched JekyllBot:5 vulnerabilities in Aethon TUG robots expose three communications interfaces, two APIs, and a websocket interface.

FBI active defense measure removes malware from privately owned firewalls

The action targeted devices infected by the Cyclops Blink malware, believed to have been developed by Russia's Sandworm group.
