Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors

Most hackers need 5 hours or less to break into enterprise environments

A new survey of 300 ethical hackers provides insight into not only the most common means of initial access but how a complete end-to-end attack happens.

Zoho ManageEngine flaw is actively exploited, CISA warns

Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments.

SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware

The sophisticated campaign sends victims looking for business forms and templates to sites containing malicious files.

Ransomware operators might be dropping file encryption in favor of corrupting files

Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

LAPSUS$ is just one cybercriminal group that has breached networks of large companies such as Uber and Microsoft by spamming employees with MFA authentication requests.

Iranian cyberspies use multi-persona impersonation in phishing threads

Iran-sponsored groups use fake personas of real people to add credibility to phishing emails designed to deliver malware through remote template injection.

North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset

Lazarus has used the new remote access Trojan in campaigns that exploit the Log4Shell vulnerability and target energy companies.

How Azure Active Directory opens new authentication risks

Hybrid cloud identity and access management services add complexity to network authentication processes and create opportunity for attackers, as recently demonstrated for Azure AD.

Ragnar Locker continues trend of ransomware targeting energy sector

Ransomware gangs seem to be exploiting concerns over disruptions in the energy and other critical infrastructure sectors.

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger

The Nitrokod cryptocurrency mining campaign goes to great lengths to avoid detection and can remain active for years.

Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication

Analysis of the BEC campaign reveals weaknesses in Microsoft's authentication system.
