Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies

Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies

Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including three flaws that have already been exploited in targeted attacks by cyberespionage groups.

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft released an update for the malware scanning engine bundled with most of its Windows security products to fix a highly critical vulnerability that could allow attackers to hack computers.

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft released an update for the malware scanning engine bundled with most of its Windows security products to fix a highly critical vulnerability that could allow attackers to hack computers.

Supply chain attack hits Mac users of HandBrake video converter app

Supply chain attack hits Mac users of HandBrake video converter app

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

Supply chain attack on HandBrake video converter app hits Mac users

Supply chain attack on HandBrake video converter app hits Mac users

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

Cyberspies tap free tools to make powerful malware framework

Cyberspies tap free tools to make powerful malware framework

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

Cyberspies tap free tools to build powerful malware framework

Cyberspies tap free tools to build powerful malware framework

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

Snake cyberespionage malware is ready to bite Mac users

Snake cyberespionage malware is ready to bite Mac users

A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS.

Cybercrime group abuses Windows app compatibility feature

Cybercrime group abuses Windows app compatibility feature

The FIN7 cybercrime group is abusing the Windows Application Compatibility Infrastructure, a feature that makes it possible for enterprises and developers to quickly resolve incompatibilities between their applications and new Windows...

Financial cybercrime group abuses Windows app compatibility feature

Financial cybercrime group abuses Windows app compatibility feature

The FIN7 financially motivated cybercrime group is abusing the Windows Application Compatibility Infrastructure, a feature that makes it possible for enterprises and developers to quickly resolve incompatibilities between their...

Xen hypervisor faces third highly critical VM escape bug in 10 months

Xen hypervisor faces third highly critical VM escape bug in 10 months

The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer between...

Shodan search engine starts unmasking malware command-and-control servers

Shodan search engine starts unmasking malware command-and-control servers

There's now a new tool that could allow researchers and companies to quickly block communications between some malware families and their constantly changing command-and-control servers.

Android gets patches for critical flaws in media handling, hardware drivers

Android gets patches for critical flaws in media handling, hardware drivers

Android has received security fixes for over one hundred vulnerabilities, including 29 critical flaws in the media processing server, hardware-specific drivers and other components.

Stealthy Mac malware spies on encrypted browser traffic

Stealthy Mac malware spies on encrypted browser traffic

A new malware program that targets macOS users is capable of spying on encrypted browser traffic and stealing sensitive information.

Network management vulnerability exposes cable modems to hacking

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.

Cloudflare wants to secure IoT connections to the internet

Cloudflare wants to secure IoT connections to the internet

Web optimization and security firm Cloudflare launched a service that could allow IoT manufacturers to protect devices from attacks and deploy patches much quicker.

Companion mobile app exposed Hyundai cars to potential hijacking

Companion mobile app exposed Hyundai cars to potential hijacking

The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock and start vehicles.

Webroot deletes Windows files and causes serious problems for users

Webroot deletes Windows files and causes serious problems for users

Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started detecting Windows files as malicious.

Russian man receives longest-ever prison sentence in the U.S. for hacking

Russian man receives longest-ever prison sentence in the U.S. for hacking

A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from U.S. businesses by infecting their point-of-sale systems with malware.

Russian man receives longest-ever prison sentence in the US for hacking

Russian man receives longest-ever prison sentence in the US for hacking

A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from U.S. businesses by infecting their point-of-sale systems with malware.

Load More