Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

DNS record will help prevent unauthorized SSL certificates

Starting in September, certificate authorities will be required to honor a new DNS record that specifies who is authorized to issue certificates for a domain

IoT malware starts showing destructive behavior

Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices.

A free decryption tool is now available for all Bart ransomware versions

Antivirus vendor Bitdefender has released a free decryption tool that works for any files affected by the Bart ransomware.

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

A proof-of-concept exploit has been published for a zero-day vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported

Open-source developers targeted in sophisticated malware attack

Attackers have targeted developers present on GitHub since January with an information-stealing program called Dimnie

Open-source developers targeted in sophisticated malware attack

Developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

VMware patches critical virtual machine escape flaws

Four vulnerabilities demonstrated during the Pwn2Own hacking contest were fixed in VMware ESXi, Workstation and Fusion.

Trojan source code leak could spur new online banking attacks

Nuclear Bot's author releases its source code publicly for other cybercriminals to use

LastPass is scrambling to fix another serious vulnerability

Flaw in the password manager could allow malicious websites to infect computers with malware or steal users' passwords

Apple: Macs and iPhones are safe from newly revealed CIA exploits

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

LastPass fixes serious password leak vulnerabilities

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

Hackers threaten to wipe millions of Apple devices, demand ransom

A group of hackers is threatening to wipe millions of iOS devices in two weeks if Apple doesn't pay them $150,000

Flaws in Moodle CMS put thousands of e-learning websites at risk

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Some HTTPS inspection tools might weaken security

Many security products that intercept HTTPS traffic don't properly validate certificates, US-CERT has warned

String of fileless malware attacks possibly tied to single hacker group

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools and fileless malware techniques might be the work of a single group of hackers.

It's time to turn on HTTPS: the benefits are well worth the effort

HTTPS websites get a speed boost, better search engine rankings, and fewer browser warnings

How much are vendor security assurances worth after the CIA leaks?

Software vendors will fix these vulnerabilities, but users should remember that there are always zero-day exploits out there

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

With its sophisticated tools and longstanding operations, Equation is considered the most advanced cyberespionage group in the world
