Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

PyTorch suffers supply chain attack via dependency confusion

A rogue package on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.

Ransomware ecosystem becoming more diverse for 2023

The decline of big ransomware groups like Conti and REvil has given rise to smaller gangs, presenting a threat intelligence challenge.

Log4Shell remains a big threat and a common cause for security breaches

Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.

Cuba ransomware group used Microsoft developer accounts to sign malicious drivers

The ransomware gang was able to use signed malicious drivers to disable endpoint security tools. Microsoft has revoked the certificates.

New Royal ransomware group evades detection with partial encryption

The tactics used by the Royal ransomware group allow for fast and stealthy encryption and share similarities with the defunct Conti group.

JSON-based SQL injection attacks trigger need to update web application firewalls

Newly discovered method uses JSON syntax to deliver malicious payloads that bypass SQLi protections in popular WAFs.

Flaws in MegaRAC baseband management firmware impact many server brands

The newly discovered vulnerabilities could allow attackers to gain control of servers that use AMI's MegaRAC BMC firmware.

Researchers found security pitfalls in IBM’s cloud infrastructure

A demonstrated attack by cybersecurity researchers in IBM’s cloud infrastructure allowed them access to the internal server used to build database images for customer deployments.

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

What is Ransom Cartel? A ransomware gang focused on reputational damage

The group combines data encryption with data theft and threatens to release stolen information on their website. But Ransom Cartel ups its game by threatening to send sensitive information to victim’s partners, competitors, and news...

Here is why you should have Cobalt Strike detection in place

Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams. Cobalt Strike is among the attack frameworks used by red teams and cyber specialists should be on...

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.

Online retailers should prepare for a holiday season spike in bot-operated attacks

On the naughty list this year are a host of bad actors employing a huge variety of different bot attacks that can have a big impact on retail websites. Fortunately, there are steps cybersecurity professionals can take to mitigate the...

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

OpenSSL project patches two vulnerabilities but downgrades severity

The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.

With Conti gone, LockBit takes lead of the ransomware threat landscape

Two new reports show LockBit is now the dominant ransomware choice thanks to a void left by Conti and updated code.

Attackers switch to self-extracting password-protected archives to distribute email malware

This variation on an old technique does not require the victim to provide a password to execute the malware.

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants

Alchimist is easy to deploy and gives attackers a large suite of functionalities with which they can wreak havoc.

Researchers extract master encryption key from Siemens PLCs

Global encryption keys were hardcoded on some programmable logic controller product lines. Siemens recommends upgrading all affected devices.