Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Remote code execution exploit chain available for VMware vRealize Log Insight

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.

Hackers abuse legitimate remote monitoring and management tools in attacks

Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

Attackers move away from Office macros to LNK files for malware delivery


Barriers that Microsoft has placed to prevent malicious macros have forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.

Attackers exploiting critical flaw in many Zoho ManageEngine products

The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.

Many ICS flaws remain unpatched as attacks against critical infrastructure rise

More than a third of ICS device vulnerabilities have no patch available at a time when ICS environments face threats from new cybercrime groups.

How attackers might use GitHub Codespaces to hide malware delivery

A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection.

Attackers deploy sophisticated Linux implant on Fortinet network security devices

The exploit allows attackers to remotely execute arbitrary code and commands without authentication.

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

Cybercriminal group Automated Libra's PurpleUrchin campaign uses the fake accounts for cryptomining operations.

Attackers use stolen banking data as phishing lure to deploy BitRAT

Data from an older breach lends credibility to this newer sophisticated attack that delivers a highly obfuscated payload.

PyTorch suffers supply chain attack via dependency confusion

A rogue packet on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.
