

Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.

Use of cloud collaboration tools surges and so do attacks
Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

New ransomware Jaff demands $3,700 payments
The new ransomware program is distributed via mass email spam sent by the Necurs botnet

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge
All SHA-1 certificates that chain back to publicly trusted certificate authorities will be blocked, but enterprise and self-signed certificates won't be affected

Snake cyberespionage malware is ready to bite Mac users
One of the most sophisticated cyberespionage groups is readying its malware framework to attack macOS
Xen hypervisor faces third highly critical VM escape bug in 10 months
The Xen paravirtualization mode is proving to be a constant source of serious vulnerabilities, allowing attackers to escape from virtual machines

Android patches critical flaws in media handling, hardware drivers
The Android security bulletin for May covered fixes for over 100 vulnerabilities
Network management vulnerability exposes cable modems to hacking
SNMP authentication bypass flaw could be used to hijack hundreds of thousands of cable modems from around the world
Webroot deletes Windows files and causes serious problems for users
The company's antivirus product erroneously flagged files in a Windows folder as malicious
Russian man receives longest-ever prison sentence in the US for hacking
The son of Russian parliament member Valery Seleznev was sentenced to 27 years in prison for cybercrime-related offences
Flaws let attackers hijack multiple Linksys router models
Two dozen Linksys router models are exposed to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.

Oracle fixes Struts and Shadow Brokers exploits in huge patch release
The quarterly Oracle patch update fixes a record 299 security vulnerabilities