

Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.

Hackers abuse legitimate remote monitoring and management tools in attacks
Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

Attackers move away from Office macros to LNK files for malware delivery
Barriers that Microsoft has placed to prevent malicious macros have forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.

Attackers exploiting critical flaw in many Zoho ManageEngine products
The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.

Many ICS flaws remain unpatched as attacks against critical infrastructure rise
More than a third of ICS device vulnerabilities have no patch available at a time when ICS environments face threats from new cybercrime groups.

How attackers might use GitHub Codespaces to hide malware delivery
A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection.

Attackers deploy sophisticated Linux implant on Fortinet network security devices
The exploit allows attackers to remotely execute arbitrary code and commands without authentication.

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams
Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.

Attackers create 130K fake accounts to abuse limited-time cloud computing resources
Cybercriminal group Automated Libra's PurpleUrchin campaign uses the fake accounts for cryptomining operations.

Attackers use stolen banking data as phishing lure to deploy BitRAT
Data from an older breach lends credibility to this newer sophisticated attack that delivers a highly obfuscated payload.

PyTorch suffers supply chain attack via dependency confusion
A rogue package on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.