Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

New ransomware group CACTUS abuses remote management tools for persistence

The CACTUS cybercriminal group targets VPN appliances for initial access and to install a backdoor.

Azure API Management flaws highlight server-side request forgery risks in API development

New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.

Attacks increasingly use malicious HTML email attachments

New research shows that up to half of all HTML email attachments are malicious, and not just because of a few massive campaigns.

Cybercrime group FIN7 targets Veeam backup servers

At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers

Attacks using the BellaCiao malware dropper seem to be customized for specific targets.

New DDoS amplification vector could enable massive attacks

A vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2200X.

Thousands of misconfigured container and artifact registries expose sensitive credentials

Shadow IT or careless configuration of container and artifact registries could give attackers access to sensitive data and inject malicious code.

Cisco patches high and critical flaws across several products

Left unmitigated, the vulnerabilities could lead to unauthorized remote access, denial of service attacks, or privilege escalation.

3CX hack highlights risk of cascading software supply-chain compromises

The attack that injected malicious code into the company's software appears to have been enabled by another compromised application.

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

The spy agency has been exploiting an old vulnerability that allows bad actors to gain access through Simple Network Management Protocol (SNMP) credentials.

Hard-to-detect malware loader distributed via AI-generated YouTube videos

The new malware loads the Aurora infostealer and can avoid being executed in virtual machines or sandboxes for analysis.

Russian cyberspies hit NATO and EU organizations with new malware toolset

The APT29 espionage campaign is ongoing and the Polish military is urging potential targets to mitigate the risk.

Why you should patch the Windows QueueJumper vulnerability immediately

A critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organizations could be unaware that it is active.

Google launches dependency API and curated package repository with security metadata

With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.

Iranian APT group launches destructive attacks in hybrid Azure AD environments

The threat group MERCURY has the ability to move from on-premises to cloud Microsoft Azure environments.

CISA warns of critical flaws in ICS and SCADA software from multiple vendors

Some of the vulnerabilities could allow attackers to access systems with ease. Patches are not available for all the flaws.

Default static key in ThingsBoard IoT platform can give attackers admin access

Admins unable to update to the patched ThingsBoard version can manually change the default signing key.

Hackers steal crypto assets by defeating 2FA with rogue browser extension

The Rilide malware tricks victims into revealing their second-factor authentication to withdraw cryptocurrency in the background.

New Rorschach ransomware hits with unique features and very fast encryption

Researchers say the recently discovered strain raises the bar by automating some intrusion processes and moving very quickly compared to other attacks.

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Spyware vendors use a combination of zero-day exploits and known vulnerabilities. Google TAG researchers urge faster patching of mobile devices.