Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

SAP ASE leaves sensitive credentials in installation logs

Zerologon explained: Why you should patch this critical Windows Server flaw now

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

WastedLocker explained: How this targeted ransomware extorts millions from victims

WastedLocker explained: How this targeted ransomware extorts millions from victims

WastedLocker is sophisticated ransomware created by Evil Corp, a notorious cyber criminal group.

Mesh VPNs explained: Another step toward zero-trust networking

Mesh VPNs explained: Another step toward zero-trust networking

Mesh VPNs use a peer-to-peer architecture where every node or peer in the network can connect directly to any other peer without going through a central concentrator or gateway. This approach can be less expensive and easier to scale...

Evilnum group targets FinTech firms with new Python-based RAT

Evilnum group targets FinTech firms with new Python-based RAT

The attack hides in Windows systems by impersonating several legitimate programs.

APT-style mercenary groups challenge the threat models of many organizations

APT-style mercenary groups challenge the threat models of many organizations

APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.

After a decade, Qbot Trojan malware gains new, dangerous tricks

After a decade, Qbot Trojan malware gains new, dangerous tricks

New Qbot abilities include inserting malware in legitimate email threads to spread malware.

The state of application security: What the statistics tell us

The state of application security: What the statistics tell us

Companies are moving toward a DevSecOps approach to application development, but problems remain with security testing ownership and open-source code vulnerabilities.

Protocol gateway flaws reveal a weak point in ICS environments

Protocol gateway flaws reveal a weak point in ICS environments

Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.

DNSSEC explained: Why you might want to implement it on your domain

DNSSEC explained: Why you might want to implement it on your domain

The Domain Name System Security Extensions provide cryptographic authentication to prevent redirection to rogue websites, but owners of many domains have yet to adopt it.

Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers

Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers

The vulnerability can also affect Windows systems. A patch is available, but will require manual testing and deployment.

What is DevSecOps? Why it's hard to do well

What is DevSecOps? Why it's hard to do well

DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

Load More