Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication

Analysis of the BEC campaign reveals weaknesses in Microsoft's authentication system.

New ransomware HavanaCrypt poses as Google software update

The HavanaCrypt ransomware has data exfiltration capabilities and goes to great lengths to avoid analysis.

"Evil PLC Attack" weaponizes PLCs to infect engineering workstations

Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.

New exploits can bypass Secure Boot and modern UEFI security protections

Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.

37 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. This list, though not comprehensive, presents the most significant threats.

Black Basta: New ransomware threat aiming for the big league

The Black Basta ransomware gang has reached a high level of success in a short time and is possibly an offshoot of Conti and REvil.

Chinese APT group uses multiple backdoors in attacks on military and research organizations

The TA428 group has been successful by targeting known vulnerabilities and using known detection evasion techniques.

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely.

Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years

The malware infects system firmware to avoid detection and has claimed victims in China, Iran, Vietnam and Russia.

GPS trackers used for vehicle fleet management can be hijacked by hackers

At least one model of GPS tracking devices made by Chinese firm MiCODUS "lacks basic security protections needed to protect users from serious security issues."

Cyberespionage groups increasingly target journalists and media organizations

State-affiliated APT groups seek sensitive information and try to learn story sources by targeting journalists' email and social media accounts.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

The phishing web pages that this adversary-in-the-middle phishing campaign uses act as a proxy and pull content from the legitimate Office 365 login page.

Attacker groups adopt new penetration testing tool Brute Ratel

APT groups' use of a legitimate pen-testing tool gives them stealth capabilities, allowing them to avoid detection by EDR and antivirus tools.

APT campaign targeting SOHO routers highlights risks to remote workers

The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.

LockBit explained: How it has become the most popular ransomware

Criminal use of the LockBit ransomware as a service is growing rapidly thanks to updates to the malware and the decline of other ransomware gangs.

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

Dozens of insecure-by-design flaws found in OT products

The OT:ICEFALL report shows that operational technology manufacturers have to improve the security of their devices.

APT actor ToddyCat hits government and military targets in Europe and Asia

The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.