Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

TrickBot returns with campaign against legal and insurance firms

The new iteration of the TrickBot botnet, which had enabled Ryuk and other ransomware attacks, uses malicious links in emails rather than rogue email attachments.

Law enforcement takes over Emotet, one of the biggest botnets

Multi-national cooperation removes this key malware delivery service as a threat, at least temporarily.

SonicWall warns customers about zero-day vulnerabilities

Attack targets SonicWall's SMA Series access management gateways and is another in a string of incidents against security vendors.

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

New Intel CPU-level threat detection capabilities target ransomware

The new capabilities in the Intel mobile processors will make it harder for ransomware to avoid detection.

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a one-way cryptographic process: passwords are never "decrypted" from a hash, and when it is used correctly (a unique salt per password and a deliberately slow algorithm), it makes recovering the original passwords from a stolen database far harder for attackers.
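The distinction the article draws, shown in Python as an added example (this is not code from the article, from CSO, or from any library the article names): a fast, unsalted hash that lets one cracked value expose every user who chose the same password, beside a salted PBKDF2-HMAC-SHA256 record with constant-time verification and an upgrade check. The record format (`pbkdf2_sha256$iterations$salt$digest`), the iteration count, and the function names are choices made for this illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed example of password storage; parameters follow common current
# guidance for PBKDF2-HMAC-SHA256 and are assumptions for this illustration.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def weak_hash(password: str) -> str:
    """The pattern that leaks: a fast, unsalted hash.

    Identical passwords produce identical digests, so a single cracked or
    precomputed value exposes every user who chose that password.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: per-user random salt plus a deliberately slow KDF.

    Returns a self-describing string so the iteration count can be raised
    later without breaking verification of records already stored.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([
        "pbkdf2_sha256",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so the comparison itself leaks no timing information."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or not iters.isdigit():
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, int(iters), dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record predates current policy (wrong scheme or too few
    iterations), so it can be upgraded on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    # Two users who happened to pick the same password.
    weak_a, weak_b = weak_hash("Summer2021!"), weak_hash("Summer2021!")
    print("unsalted SHA-256 collides across users:", weak_a == weak_b)

    rec_a, rec_b = hash_password("Summer2021!"), hash_password("Summer2021!")
    print("salted PBKDF2 records differ:", rec_a != rec_b)
    print("correct password verifies:", verify_password("Summer2021!", rec_a))
    print("wrong password rejected:", verify_password("summer2021!", rec_a))
    print("record meets current policy:", not needs_rehash(rec_a))
```

On a login path the flow is `verify_password`, then, if it succeeds and `needs_rehash` is true, replace the stored record with `hash_password` of the password just supplied; that is the only moment the plaintext is available to re-derive a stronger record.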

33 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

SolarWinds attack explained: And why it was so hard to detect

A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.

FireEye breach explained: How worried should you be?

The theft of red team tools, allegedly by Russia's Cozy Bear group, poses only a small threat to other organizations. The real lesson: Anyone can be hacked.

TrickBot explained: A multi-purpose crimeware tool that haunted businesses for years

TrickBot is one of the longest-lived botnets on the internet and represents a major threat to businesses and other organizations because it serves as a delivery platform for the infamous Ryuk ransomware and for other threat actors' malware.

Russian state-sponsored hackers exploit vulnerability in VMware Workspace ONE

The exploit requires the attacker to have valid credentials, but experts advise patching regardless.

Publicly known support credentials expose GE Healthcare imaging devices to hacking

The vulnerability gives hackers a means to access sensitive data, execute malicious code on devices and impact their operation.

TrickBot gets new UEFI attack capability that makes recovery incredibly hard

Researchers discover a new TrickBot module that inspects and can write to the system's UEFI firmware, letting the malware persist even after the operating system is reinstalled or the hard drive is replaced.

Half of all Docker Hub images have at least one critical vulnerability

New research reveals the scale at which criminals have exploited public open-source Docker repositories to plant malware among container images.

REvil ransomware explained: A widespread extortion operation

The REvil group, a.k.a. Sodinokibi, re-victimizes its targets by threatening to release stolen data even after the initial ransom demand is paid.

Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack

Attackers could use the vulnerability, a side channel that measures CPU power consumption through the RAPL interface, to recover encryption keys from the Linux kernel's memory or from Intel SGX enclaves.

Mercenary APT group CostaRicto hits organizations worldwide

This hacker-for-hire advanced persistent threat group uses its own custom malware and takes great effort to hide its activity.

Inside Atlassian's zero trust implementation

Adrian Ludwig says Atlassian's zero-trust implementation was nearly complete when the pandemic hit. His advice: Define policies to cover all cases first.

14 controls for securing SAP systems in the cloud

Organizations often don't follow security best practices when deploying and managing complex SAP systems. This set of security controls from the Cloud Security Alliance aims to change that.

US Treasury Department ban on ransomware payments puts victims in tough position

The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.
