Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

New cryptomining malware targets AWS Lambda

The malware, dubbed Denonia, is written in Go for easier deployment and uses AWS's own open-source Go libraries.

Spring4Shell patching is going slow but risk not comparable to Log4Shell

More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

Users are urged to update both the Spring Framework and Spring Boot tool.

US charges Russian government agents for cyberattacks on critical infrastructure

Two sets of attacks used Triton and Havex malware to infiltrate industrial control systems at energy organizations in the US and abroad.

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer's attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt on software supply chain integrity.

New ransomware LokiLocker bundles destructive wiping component

LokiLocker also uses an unusual obfuscation technique to avoid detection.

Dirty Pipe root Linux vulnerability can also impact containers

Researchers have shown that the Dirty Pipe vulnerability can be used to modify protected files and gain root rights.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

Nvidia hackers release code-signing certificates that malware can abuse

Researchers have already found examples of malicious files signed with the stolen certificates.

Conti gang says it's ready to hit critical infrastructure in support of Russian government

The ransomware group's claims follow a threat from the hacktivist group Anonymous to conduct cyberattacks against Russian targets.

TrickBot operators slowly abandon the botnet and replace it with Emotet

Researchers believe the group behind TrickBot is moving the infected devices it controls to the newer, more difficult to detect Emotet malware.

Dangerous privilege escalation bugs found in Linux package manager Snap

Newly discovered Snap flaw allows a low-privileged user to gain root access.

ShadowPad has become the RAT of choice for several state-sponsored Chinese APTs

New research links the ShadowPad remote-access Trojan to China's Ministry of State Security and the People's Liberation Army.

CISA warns about 15 actively exploited vulnerabilities

The high-severity vulnerabilities that CISA has added to its patch-now list include SeriousSAM privilege escalation and SMB remote code execution.

Google Cloud adds agentless threat detection to virtual machine workloads

Virtual Machine Threat Detection at first will target cryptominers running on virtual servers. Detecting ransomware, Trojans, and other malware is coming.

Argo CD flaw puts cloud infrastructure at risk

The flaw could allow attackers to gain access to files, environment settings and secret tokens from the central repository server.

Iranian APT group uses previously undocumented Trojan for destructive access to organizations

The Moses Staff group's main target is Israel, but the group has recently launched attacks on organizations in other countries including India, Germany and the U.S.

Target releases web skimming detection tool Merry Maker as open source

The open-source tool simulates online browsing and shopping to identify malicious code meant to steal payment card information on retailers' websites.
