Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Attack campaign hits thousands of MS-SQL servers for two years

Attack campaign hits thousands of MS-SQL servers for two years

Newly discovered Vollgar attack uses brute force to infect vulnerable Microsoft SQL servers at a high rate.

Cybercriminal group mails malicious USB dongles to targeted companies

Cybercriminal group mails malicious USB dongles to targeted companies

Shown as a proof-of-concept in 2014, this is the first known use of the BadUSB exploit in the wild.

Chinese hacker group APT41 uses recent exploits to target companies worldwide

Chinese hacker group APT41 uses recent exploits to target companies worldwide

APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.

COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale

COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale

A zero-trust model addresses many of the security concerns around supporting large numbers of remote workers, and new vendor free trials make fast deployment possible.

Credit card skimmers explained: How they work and how to protect yourself

Credit card skimmers explained: How they work and how to protect yourself

A card skimmer is a device designed to steal information stored on payment cards when consumers perform transactions at ATMs, gas pumps and other payment terminals. More recently, the use of the term has been extended to include...

New CPU attack technique can leak secrets from Intel SGX enclaves

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

How Visa built its own container security solution

How Visa built its own container security solution

The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms and is primarily built on top of open-source tools and libraries.

Intel CSME flaw is unpatchable, researchers warn

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

Lack of firmware validation for computer peripherals enables highly persistent attacks

Lack of firmware validation for computer peripherals enables highly persistent attacks

Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

A new report shows a high percentage of IaC template misconfigurations in cloud deployments that leave them vulnerable to attack.

Implementation flaws make LoRaWAN networks vulnerable to attack

Implementation flaws make LoRaWAN networks vulnerable to attack

New report from IOActive details implementation errors that expose LoRaWAN networks to attack and provides a framework for mitigating the risk.

Load More