UNITED STATES
×
Close
Lucian Constantin

Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

The Latest from Lucian
How data poisoning attacks corrupt machine learning models
Feature

How data poisoning attacks corrupt machine learning models

Data poisoning is a type of attack that involves tampering with and polluting a machine learning model's training data, impacting the model's ability to produce accurate predictions.

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor
News Analysis

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims' LinkedIn profiles.

PHP backdoor attempt shows need for better code authenticity verification
News Analysis

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Cloudflare wants to be your corporate network backbone with centralized management and security
News Analysis

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

Ryuk ransomware explained: A targeted, devastatingly effective attack
Feature

Ryuk ransomware explained: A targeted, devastatingly effective attack

Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.

5 questions CISOs should be able to answer about software supply chain attacks
Feature

5 questions CISOs should be able to answer about software supply chain attacks

The SolarWinds attack put a spotlight on the threats that compromised third-party software present organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.

New free software signing service aims to strengthen open-source ecosystem
News Analysis

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption
News Analysis

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption

The partnership aims to improve performance and accuracy of FHE to make it practical for business and government to better protect confidential data in the cloud.

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws
News Analysis

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.

Gootkit malware creators expand their distribution platform
News Analysis

Gootkit malware creators expand their distribution platform

Its Gootloader component infects computers by hijacking Google search results to send victims to legitimate but compromised websites where malware lurks behind links.

Dependency confusion explained: Another risk when using open-source repositories
Feature

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Here's what you need to know.

Egregor ransomware takes a hit after arrests in Ukraine
News Analysis

Egregor ransomware takes a hit after arrests in Ukraine

Ukrainian, French and US operation targets ransomware group members and takes down its infrastructure.

How ransomware negotiations work
Feature

How ransomware negotiations work

Here's what experienced negotiators say your organization should expect if it ever needs to pay a ransomware demand.

TrickBot returns with campaign against legal and insurance firms
News Analysis

TrickBot returns with campaign against legal and insurance firms

The new iteration of the TrickBot botnet, which had enabled Ryuk and other ransomware attacks, uses malicious links in emails rather than rogue email attachments.

Law enforcement takes over Emotet, one of the biggest botnets
News Analysis

Law enforcement takes over Emotet, one of the biggest botnets

Multi-national cooperation removes this key malware delivery service as a threat, at least temporarily.

SonicWall warns customers about zero-day vulnerabilities
News Analysis

SonicWall warns customers about zero-day vulnerabilities

Attack targets SonicWall's SMA Series access management gateways and is another in a string of incidents against security vendors.

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed
News Analysis

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

New Intel CPU-level threat detection capabilities target ransomware
News Analysis

New Intel CPU-level threat detection capabilities target ransomware

The new capabilities in the Intel mobile processors will make it harder for ransomware to avoid detection.

Hashing explained: Why it's your best bet to protect stored passwords
Feature

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

33 hardware and firmware vulnerabilities: A guide to the threats
Feature

33 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Load More
Popular Resources
See All