UNITED STATES
×
Close
Lucian Constantin

Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

The Latest from Lucian
Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots
News Analysis

Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

The automated bots are highly successful because they effectively emulate legitimate service providers.

Exchange Autodiscover feature can cause Outlook to leak credentials
News

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...

APT actors exploit flaw in ManageEngine single sign-on solution
News Analysis

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.

How APTs become long-term lurkers: Tools and techniques of a targeted attack
News Analysis

How APTs become long-term lurkers: Tools and techniques of a targeted attack

A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.

Critical flaw in Atlassian Confluence actively exploited
News

Critical flaw in Atlassian Confluence actively exploited

The remote code execution vulnerability was recently patched for affected versions of Atlassian Confluence Server and Data Center; users are advised to apply the patch or upgrade.

Cosmos DB users advised to regenerate their keys following serious vulnerability
News Analysis

Cosmos DB users advised to regenerate their keys following serious vulnerability

The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.

How ransomware runs the underground economy
Feature

How ransomware runs the underground economy

Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal...

LockFile ransomware uses intermittent encryption to evade detection
News Analysis

LockFile ransomware uses intermittent encryption to evade detection

This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.

OnePercent ransomware group hits companies via IceID banking Trojan
News Analysis

OnePercent ransomware group hits companies via IceID banking Trojan

This new, aggressive ransomware group also uses Cobalt Strike to move laterally across the network.

How attackers could exploit breached T-Mobile user data
Feature

How attackers could exploit breached T-Mobile user data

Follow-on attacks using stolen T-Mobile data are a real risk for victims. Here's how attackers can leverage that data to compromise accounts or launch phishing campaigns.

IoT devices have serious security deficiencies due to bad random number generation
News Analysis

IoT devices have serious security deficiencies due to bad random number generation

It's not the IoT vendors' fault. Lack of a cryptographically secure pseudo-random number generator subsystem for the internet of things devices will be vulnerable.

Wave of native IIS malware hits Windows servers
News Analysis

Wave of native IIS malware hits Windows servers

IIS malware presents diverse, persistent, and growing threats from old and new threat actors.

Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices
News Analysis

Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices

Critical vulnerabilities potentially affect millions of devices, but finding and patching them will be difficult.

Basic flaws put pneumatic tube transport systems in hospitals at risk
News Analysis

Basic flaws put pneumatic tube transport systems in hospitals at risk

Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.

APT group hits IIS web servers with deserialization flaws and memory-resident malware
News Analysis

APT group hits IIS web servers with deserialization flaws and memory-resident malware

Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.

Why code reuse is still a security nightmare
News Analysis

Why code reuse is still a security nightmare

Despite best efforts to track software dependencies, blind spots still exist leading to silent vulnerabilities in software.

US charges four suspected Chinese spies who coordinated APT40 hackers
News Analysis

US charges four suspected Chinese spies who coordinated APT40 hackers

The government outlines how APT40 conducted its Microsoft Exchange Server attack and offers advice to defend against nation-state threats.

REvil gang suddenly goes silent leaving victims unable to recover systems
News Analysis

REvil gang suddenly goes silent leaving victims unable to recover systems

All REvil websites went offline on Tuesday, leaving security experts and victims to speculate on the reason why.

Authentication bypass allows complete takeover of Modicon PLCs used across industries
News Analysis

Authentication bypass allows complete takeover of Modicon PLCs used across industries

The vulnerability could allow attackers to insert malicious code and easily avoid detection.

PrintNightmare vulnerability explained: Exploits, patches, and workarounds
News Analysis

PrintNightmare vulnerability explained: Exploits, patches, and workarounds

Public exploits are available for a remote code execution vulnerability in the Windows Print Spooler that could allow attackers to take full control of systems. The vulnerability affects all editions of Windows and organizations are...

Load More
Popular Resources
See All