Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
New ransomware HavanaCrypt poses as Google software update
The HavanaCrypt ransomware has data exfiltration capabilities and goes to great lengths to avoid analysis.
"Evil PLC Attack" weaponizes PLCs to infect engineering workstations
Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.
New exploits can bypass Secure Boot and modern UEFI security protections
Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.
37 hardware and firmware vulnerabilities: A guide to the threats
Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. This list, though not comprehensive, presents the most significant threats.
Black Basta: New ransomware threat aiming for the big league
The Black Basta ransomware gang has reached a high level of success in a short time and is possibly an offshoot of Conti and REvil.
Chinese APT group uses multiple backdoors in attacks on military and research organizations
The TA428 group has been successful by targeting known vulnerabilities and using known detection evasion techniques.
CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG
The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely.
Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years
The malware infects system firmware to avoid detection and has claimed victims in China, Iran, Vietnam and Russia.
GPS trackers used for vehicle fleet management can be hijacked by hackers
At least one model of GPS tracking devices made by Chinese firm MiCODUS "lacks basic security protections needed to protect users from serious security issues."
Cyberespionage groups increasingly target journalists and media organizations
State-affiliated APT groups seek sensitive information and try to learn story sources by targeting journalists' email and social media accounts.
New speculative execution attack Retbleed impacts Intel and AMD CPUs
Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.
Office 365 phishing campaign that can bypass MFA targets 10,000 organizations
The phishing web pages that this adversary-in-the-middle phishing campaign uses act as a proxy and pull content from the legitimate Office 365 login page.
Attacker groups adopt new penetration testing tool Brute Ratel
APT group's use of a legitimate pen-testing tool gives them stealth capabilities, allowing them to avoid detection by EDR and antivirus tools.
APT campaign targeting SOHO routers highlights risks to remote workers
The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.
LockBit explained: How it has become the most popular ransomware
Criminal use of the LockBit ransomware as a service is growing rapidly thanks to updates to the malware and the decline of other ransomware gangs.
Zero-day flaw in Atlassian Confluence exploited in the wild since May
Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.
Dozens of insecure-by-design flaws found in OT products
The OT:ICEFALL report shows that makers of operational technology manufacturers have to improve the security of their devices.
APT actor ToddyCat hits government and military targets in Europe and Asia
The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.
Ransomware could target OneDrive and SharePoint files by abusing versioning configurations
A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.