Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

SMS-based provisioning messages enable advanced phishing on Android phones

SMS-based provisioning messages enable advanced phishing on Android phones

Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

What is Wireguard? Secure, simple VPN still in development

What is Wireguard? Secure, simple VPN still in development

The Wireguard VPN offers better performance and a simpler, effective approach to cryptography. Is it ready for the enterprise?

More critical Remote Desktop flaws expose Windows systems to hacking

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

ICS security: Popular building management system vulnerable to takeover

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

New Spectre-like CPU vulnerability bypasses existing defenses

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

Critical VxWorks flaws expose millions of devices to hacking

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

11 top DEF CON and Black Hat talks of all time

11 top DEF CON and Black Hat talks of all time

Hacker summer camp in Vegas is almost upon us again. Here are some of the best talks of all time. Will this year's talks measure up to these legends?

31 hardware and firmware vulnerabilities: A guide to the threats

31 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Companies with zero-trust network security move toward biometric authentication

Companies with zero-trust network security move toward biometric authentication

According to new research, more companies are enabling biometric authentication on devices to verify access requests.

What is adware? How it works and how to protect against it

What is adware? How it works and how to protect against it

Adware is deceptive software that earns its creators money through fraudulent user clicks. Fortunately, it's one of the the most detectable types of malware.

OpenSSH to protect keys in memory against side-channel attacks

OpenSSH to protect keys in memory against side-channel attacks

The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

New MongoDB field-level encryption can help prevent data breaches

New MongoDB field-level encryption can help prevent data breaches

MongoDB aims to prevent exposed data stores by encrypting data in a way that makes it useless if compromised.

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.

From phish to network compromise in two hours: How Carbanak operates

From phish to network compromise in two hours: How Carbanak operates

Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of an attack on one bank.

Phishing attacks that bypass 2-factor authentication are now easier to execute

Phishing attacks that bypass 2-factor authentication are now easier to execute

Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.

Public SAP exploits could enable attacks against thousands of companies

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

Over 90% of data transactions on IoT devices are unencrypted

Over 90% of data transactions on IoT devices are unencrypted

A report from Zscaler reveals some troubling facts about the risks posed by network-connected IoT devices.

Microsoft urges Windows customers to patch wormable RDP flaw

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

Load More