Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Cybercriminal group mails malicious USB dongles to targeted companies

Chinese hacker group APT41 uses recent exploits to target companies worldwide

Chinese hacker group APT41 uses recent exploits to target companies worldwide

APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.

COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale

COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale

A zero-trust model addresses many of the security concerns around supporting large numbers of remote workers, and new vendor free trials make fast deployment possible.

Credit card skimmers explained: How they work and how to protect yourself

Credit card skimmers explained: How they work and how to protect yourself

A card skimmer is a device designed to steal information stored on payment cards when consumers perform transactions at ATMs, gas pumps and other payment terminals. More recently, the use of the term has been extended to include...

New CPU attack technique can leak secrets from Intel SGX enclaves

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

How Visa built its own container security solution

How Visa built its own container security solution

The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms and is primarily built on top of open-source tools and libraries.

Intel CSME flaw is unpatchable, researchers warn

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

Lack of firmware validation for computer peripherals enables highly persistent attacks

Lack of firmware validation for computer peripherals enables highly persistent attacks

Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

A new report shows a high percentage of IaC template misconfigurations in cloud deployments that leave them vulnerable to attack.

Implementation flaws make LoRaWAN networks vulnerable to attack

Implementation flaws make LoRaWAN networks vulnerable to attack

New report from IOActive details implementation errors that expose LoRaWAN networks to attack and provides a framework for mitigating the risk.

Magecart-related arrests made in Indonesia

Magecart-related arrests made in Indonesia

The three individuals arrested represent only a small portion of the Magecart web-skimming group, but the investigation is ongoing.

Insecure configurations expose GE Healthcare devices to attacks

Insecure configurations expose GE Healthcare devices to attacks

The six high-risk vulnerabilities result from hard-coded or no credentials in remote access software and the use of outdated applications.

Load More