Lucian Constantin, CSOonline

Recent:
  • Unknown
Past:
  • CSOonline
  • The New Stack
  • VICE
  • PCWorld
  • CIO.com
  • InfoWorld
  • Macworld
  • Greenbot
  • Computerworld
  • ITworld
  • and more…

Past articles by Lucian:

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.

Ransomware ecosystem becoming more diverse for 2023

The decline of big ransomware groups like Conti and REvil has given rise to smaller gangs, presenting a threat intelligence challenge.

What is Ransom Cartel? A ransomware gang focused on reputational damage

The group combines data encryption with data theft and threatens to release stolen information on its website. But Ransom Cartel ups its game by threatening to send sensitive information to victims' partners, competitors, and news outlets to inflict as much damage as possible.

OpenSSL project patches two vulnerabilities but downgrades severity

The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.

North Korea’s Lazarus group uses vulnerable Dell driver to blind security solutions

This first known exploit of the Dell vulnerability might inspire other malware developers who want to avoid detection of their code.

Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors

A possibly new threat actor packaged and deployed backdoors as vSphere Installation Bundles, gaining remote code execution and persistence capabilities.

Ransomware operators might be dropping file encryption in favor of corrupting files

Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.

North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset

Lazarus has used the new remote access Trojan in campaigns that exploit the Log4Shell vulnerability and target energy companies.

How Azure Active Directory opens new authentication risks

Hybrid cloud identity and access management services add complexity and opportunity for attackers to network authentication processes, as recently demonstrated for Azure AD.

Ragnar Locker continues trend of ransomware targeting energy sector

Ransomware gangs seem to be exploiting concerns over disruptions in the energy and other critical infrastructure sectors.

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger

The Nitrokod cryptocurrency mining campaign goes to great lengths to avoid detection and can remain active for years.

New ransomware HavanaCrypt poses as Google software update

The HavanaCrypt ransomware has data exfiltration capabilities and goes to great lengths to avoid analysis.

"Evil PLC Attack" weaponizes PLCs to infect engineering workstations

Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.

Black Basta: New ransomware threat aiming for the big league

The Black Basta ransomware gang has reached a high level of success in a short time and is possibly an offshoot of Conti and REvil.

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.

LockBit explained: How it has become the most popular ransomware

Criminal use of the LockBit ransomware as a service is growing rapidly thanks to updates to the malware and the decline of other ransomware gangs.

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

New cryptomining malware targets AWS Lambda

The malware, dubbed Denonia, is written in Go for easier deployment and uses AWS's own open-source Go libraries.

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer's attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt on software supply chain integrity.