UNITED STATES
×
Close
Lucian Constantin

Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

The Latest from Lucian
11 top DEF CON and Black Hat talks of all time
Feature

11 top DEF CON and Black Hat talks of all time

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

Twitter VIP account hack highlights the danger of insider threats
News Analysis

Twitter VIP account hack highlights the danger of insider threats

The account compromise raises questions about Twitter's controls. Experts weigh in on best practices for mitigating risk from malicious or accidental insider threats.

Wormable DNS flaw endangers all Windows servers
News Analysis

Wormable DNS flaw endangers all Windows servers

The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.

Google Cloud steps up security and compliance for applications, government
News Analysis

Google Cloud steps up security and compliance for applications, government

New Google Cloud offerings Confidential VMs and Assured Workloads for Government provide in-process data encryption and the ability to restrict storage locations, respectively.

Critical flaw allows hackers to breach SAP systems with ease
News Analysis

Critical flaw allows hackers to breach SAP systems with ease

SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover. Patch now.

Privilege escalation explained: Why these flaws are so valuable to hackers
Feature

Privilege escalation explained: Why these flaws are so valuable to hackers

Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.

Vulnerable drivers can enable crippling attacks against ATMs and POS systems
News Analysis

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries
News Analysis

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries

The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.

Enterprise internet attack surface is growing, report shows
News Analysis

Enterprise internet attack surface is growing, report shows

Attackers are taking advantage of the COVID-19 crisis to exploit pre-existing and newly introduced vulnerabilities across a wide range of attack points.

Local attackers can use Group Policy flaw to take over enterprise Windows systems
News Analysis

Local attackers can use Group Policy flaw to take over enterprise Windows systems

Microsoft issues a patch to fix a flaw that could allow compromised non-privileged user accounts to place malicious DLLs on a system.

Install latest SAP Adaptive Server Enterprise patches, experts urge
News Analysis

Install latest SAP Adaptive Server Enterprise patches, experts urge

If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.

Cloud infrastructure operators should quickly patch VMware Cloud Director flaw
News Analysis

Cloud infrastructure operators should quickly patch VMware Cloud Director flaw

Left unpatched, this command injection flaw could allow attackers to take control of a virtualized cloud infrastructure.

Use of cloud collaboration tools surges and so do attacks
News Analysis

Use of cloud collaboration tools surges and so do attacks

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Cloud configuration drift leaves organizations open to attack, research finds
News Analysis

Cloud configuration drift leaves organizations open to attack, research finds

Undocumented cloud configuration changes, whether done by attackers or for legitimate business reasons, present a significant security threat.

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass
News Analysis

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.

Ryuk ransomware explained: A targeted, devastatingly effective attack
Feature

Ryuk ransomware explained: A targeted, devastatingly effective attack

Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic
News Analysis

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.

32 hardware and firmware vulnerabilities: A guide to the threats
Feature

32 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Cloud servers hacked via critical SaltStack vulnerabilities
News Analysis

Cloud servers hacked via critical SaltStack vulnerabilities

Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.

COVID-19 attack campaigns target hardest hit regions, research shows
News Analysis

COVID-19 attack campaigns target hardest hit regions, research shows

Attackers shift their focus to where coronavirus infections are rising and use tactics that make their efforts hard to block.

Load More
Popular Resources
See All