Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

From phish to network compromise in two hours: How Carbanak operates

Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of an attack on one bank.

Phishing attacks that bypass 2-factor authentication are now easier to execute

Researchers released two tools--Muraena and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

Over 90% of data transactions on IoT devices are unencrypted

A report from Zscaler reveals some troubling facts about the risks posed by network-connected IoT devices.

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

The second Meltdown: New Intel CPU attacks leak secrets

Intel has implemented some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can gain full, persistent access.

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attackers are seeking vulnerable servers to target for attacks.

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

What is the EU's revised Payment Services Directive (PSD2) and its impact?

The upcoming PSD2 requirements, which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.

Group behind TRITON industrial sabotage malware made more victims

The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.

Cybercrime groups raise the bar for security teams by borrowing APT techniques

Cyber criminals now have access to more nation-state technology to launch more sophisticated advanced persistent threat attacks. That's bad news for defenders.

Critical Magento SQL injection flaw could be targeted by hackers soon

Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.

ASUS users fall victim to supply chain attack through backdoored update

Attackers hijack ASUS's auto-update process to deliver malware. Preventing such attacks is difficult, but vendors and their customers can do more to mitigate the risk.

Magecart payment card skimmer gang returns stronger than ever

Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.

Hackers use Slack to hide malware communications

A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.

One in three organizations suffered data breaches due to mobile devices

New Verizon report shows a big gap between organizations' mobile security risk concerns and mobile security best practices they implement.

Qbot malware resurfaces in new attack against businesses

This new persistent and difficult-to-detect Qbot version is designed to steal financial information.

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.
