Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
Spring4Shell patching is going slow but risk not comparable to Log4Shell
More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
Users are urged to update both the Spring Framework and Spring Boot tool.
US charges Russian government agents for cyberattacks on critical infrastructure
Two sets of attacks used Triton and Havex malware to infiltrate industrial control systems at energy organizations in the US and abroad.
Developer sabotages own npm module prompting open-source supply chain security questions
The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity.
New ransomware LokiLocker bundles destructive wiping component
LokiLocker also uses an unusual obfuscation technique to avoid detection.
Dirty Pipe root Linux vulnerability can also impact containers
Researchers have shown that the Dirty Pipe vulnerability can be used to modify protected files and gain root rights.
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs
Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.
Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices
Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.
Critical flaws in remote management agent impacts thousands of medical devices
The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.
Nvidia hackers release code-signing certificates that malware can abuse
Researchers have already found example of malicious files signed with the stolen certificates.
Conti gang says it's ready to hit critical infrastructure in support of Russian government
The ransomware group's claims follow a threat from the hacktivist group Anonymous to conduct cyberattacks against Russian targets.
TrickBot operators slowly abandon the botnet and replace it with Emotet
Researchers believe the group behind TrickBot are moving the infected devices it controls to the newer, more difficult to detect Emotet malware.
Dangerous privilege escalation bugs found in Linux package manager Snap
Newly discovered Snap flaw allows a low-privileged user to gain root access.
ShadowPad has become the RAT of choice for several state-sponsored Chinese APTs
New research links the ShadowPad remote-access Trojan to China's Ministry of State Security and the People's Liberation Army.
CISA warns about 15 actively exploited vulnerabilities
The high-severity vulnerabilities that CISA has added to its patch-now list include SeriousSAM privilege escalation and SMB remote code execution.
Google Cloud adds agentless threat detection to virtual machine workloads
Virtual Machine Threat Detection at first will target cryptominers running on virtual servers. Detecting ransomware, Trojans, and other malware is coming.
Argo CD flaw puts cloud infrastructure at risk
The flaw could allow attackers to gain access to files, environment settings and secret tokens from the central repository server.
Iranian APT group uses previously undocumented Trojan for destructive access to organizations
The Moses Staff group's main target is Israel, but has recently launched attacks on organizations in other countries including India, Germany and the U.S.
Target releases web skimming detection tool Merry Maker as open source
The open-source tool simulates online browsing and shopping to identify malicious code meant to steal payment card information on retailers' websites.