Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Microsoft urges Windows customers to patch wormable RDP flaw

The second Meltdown: New Intel CPU attacks leak secrets

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

New Intel firmware boot verification bypass enables low-level backdoors

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

Public SAP exploits could enable attacks against thousands of companies

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attacker are seeking vulnerable servers to target for attacks.

GandCrab attackers exploit recently patched Confluence vulnerability

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

Group behind TRITON industrial sabotage malware made more victims

Group behind TRITON industrial sabotage malware made more victims

The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.

Magecart payment card skimmer gang returns stronger than ever

Magecart payment card skimmer gang returns stronger than ever

Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.

Hackers use Slack to hide malware communications

Hackers use Slack to hide malware communications

A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.

One in three organizations suffered data breaches due to mobile devices

One in three organizations suffered data breaches due to mobile devices

New Verizon report shows a big gap between organizations' mobile security risk concerns and mobile security best practices they implement.

Qbot malware resurfaces in new attack against businesses

Qbot malware resurfaces in new attack against businesses

This new persistent and difficult-to-detect Qbot version is designed to steal financial information.

Elasticsearch clusters face attacks from multiple hacker groups

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

Load More