Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
The second Meltdown: New Intel CPU attacks leak secrets
Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.
New Intel firmware boot verification bypass enables low-level backdoors
By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.
Public SAP exploits could enable attacks against thousands of companies
A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.
Researchers warn of unpatched vulnerability in Oracle WebLogic Server
Detected scans suggest attacker are seeking vulnerable servers to target for attacks.
GandCrab attackers exploit recently patched Confluence vulnerability
If your company uses Confluence, make sure you have the latest available patches for this vulnerability.
What is the EU's revised Payment Services Directive (PSD2) and its impact?
The upcoming PSD2 requirements, which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.
Group behind TRITON industrial sabotage malware made more victims
The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.
Cybercrime groups raise the bar for security teams by borrowing APT techniques
Cyber criminals now have access to more nation-state technology to launch more sophisticated advanced persistent threat attacks. That's bad news for defenders.
Critical Magento SQL injection flaw could be targeted by hackers soon
Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.
ASUS users fall victim to supply chain attack through backdoored update
Attackers hijack ASUS's auto-update process to deliver malware. Preventing such attacks is difficult, but vendors and their customers can do more to mitigate the risk.
