Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Cisco patches high and critical flaws across several products

DNS data shows one in 10 organizations have malware traffic on their networks

DNS data shows one in 10 organizations have malware traffic on their networks

Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.

Researchers found security pitfalls in IBM’s cloud infrastructure

Researchers found security pitfalls in IBM’s cloud infrastructure

A demonstrated attack by cybersecurity researchers in IBM’s cloud infrastructure allowed them access to the internal server used to build database images for customer deployments.

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

New speculative execution attack Retbleed impacts Intel and AMD CPUs

Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

Critical flaws in remote management agent impacts thousands of medical devices

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

SASE is coming, but adoption will be slow (especially for large enterprises)

SASE is coming, but adoption will be slow (especially for large enterprises)

Smaller organizations eye SASE to provide secure access to applications. Lack of maturity, existing security and digital transformation investments give large enterprises pause on SASE.

Cloudflare wants to be your corporate network backbone with centralized management and security

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

Load More