Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Attacker groups adopt new penetration testing tool Brute Ratel

APT campaign targeting SOHO routers highlights risks to remote workers

The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.

LockBit explained: How it has become the most popular ransomware

Criminal use of the LockBit ransomware as a service is growing rapidly thanks to updates to the malware and the decline of other ransomware gangs.

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

Dozens of insecure-by-design flaws found in OT products

The OT:ICEFALL report shows that operational technology manufacturers have to improve the security of their devices.

APT actor ToddyCat hits government and military targets in Europe and Asia

The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.

New peer-to-peer botnet Panchan hijacks Linux servers

The botnet built by the platform-independent worm malware currently enables cryptomining.

Hackers using stealthy Linux backdoor Symbiote to steal credentials

Symbiote is deployed as a shared object that can inject itself into existing processes, making it difficult to detect.

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

Leaked Conti information shows the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.

Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps

The actively exploited flaw allows attackers to use malicious Word documents to perform remote code execution through Microsoft Support Diagnostic Tool.

Conti ransomware explained: What you need to know about this aggressive criminal group

The Conti ransomware group is less likely to help victims restore encrypted files and more likely to leak exfiltrated data.

Chaos ransomware explained: A rapidly evolving threat

The Chaos ransomware builder, now rebranded as Yashma, is quickly improving and being adopted by cybercriminal groups.

Two account compromise flaws fixed in Strapi headless CMS

The vulnerabilities allow attackers to use a low-privilege account to reset the password of a higher-privilege account.

Google to launch repository service with security-tested versions of open-source software packages

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of their code and dependencies.

Stealthy Linux implant BPFdoor compromised organizations globally for years

The China-linked backdoor takes advantage of the Berkeley Packet Filter on Unix systems to hide its presence.

Chinese APT group Mustang Panda targets European and Russian organizations

Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.

Chinese APT group Winnti stole trade secrets in years-long undetected campaign

The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.
