Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
Ransomware ecosystem becoming more diverse for 2023
The decline of big ransomware groups like Conti and REvil has given rise to smaller gangs, presenting a threat intelligence challenge.
Log4Shell remains a big threat and a common cause for security breaches
Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.
Cuba ransomware group used Microsoft developer accounts to sign malicious drivers
The ransomware gang was able to use signed malicious drivers to disable endpoint security tools. Microsoft has revoked the certificates.
New Royal ransomware group evades detection with partial encryption
The tactics used by the Royal ransomware group allow for fast and stealthy encryption and share similarities with the defunct Conti group.
JSON-based SQL injection attacks trigger need to update web application firewalls
Newly discovered method uses JSON syntax to deliver malicious payloads that bypass SQLi protections in popular WAFs.
Flaws in MegaRAC baseband management firmware impact many server brands
The newly discovered vulnerabilities could allow attackers to gain control of servers that use AMI's MegaRAC BMC firmware.
Researchers found security pitfalls in IBM’s cloud infrastructure
A demonstrated attack by cybersecurity researchers in IBM’s cloud infrastructure allowed them access to the internal server used to build database images for customer deployments.
Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions
Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.
What is Ransom Cartel? A ransomware gang focused on reputational damage
The group combines data encryption with data theft and threatens to release stolen information on their website. But Ransom Cartel ups its game by threatening to send sensitive information to victim’s partners, competitors, and news...
Here is why you should have Cobalt Strike detection in place
Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams. Cobalt Strike is among the attack frameworks used by red teams and cyber specialists should be on...
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back
The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.
Online retailers should prepare for a holiday season spike in bot-operated attacks
On the naughty list this year are a host of bad actors employing a huge variety of different bot attacks that can have a big impact on retail websites. Fortunately, there are steps cybersecurity professionals can take to mitigate the...
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
OpenSSL project patches two vulnerabilities but downgrades severity
The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.
With Conti gone, LockBit takes lead of the ransomware threat landscape
Two new reports show LockBit is now the dominate ransomware choice thanks to a void left by Conti and updated code.
Attackers switch to self-extracting password-protected archives to distribute email malware
This variation on an old technique does not require the victim to provide a password to execute the malware.
Supply chain attacks increased over 600% this year and companies are falling behind
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants
Alchimist is easy to deploy and gives attackers a large suite of functionalities with which they can wreak havoc.
Researchers extract master encryption key from Siemens PLCs
Global encryption keys were hardcoded on some programmable logic controller product lines. Siemens recommends upgrading all affected devices.