Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Researchers found security pitfalls in IBM’s cloud infrastructure

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

SASE is coming, but adoption will be slow (especially for large enterprises)

Smaller organizations eye SASE to provide secure access to applications. Lack of maturity, existing security and digital transformation investments give large enterprises pause on SASE.

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

SolarWinds attack explained: And why it was so hard to detect

A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.

Use of cloud collaboration tools surges and so do attacks

Some industries have seen cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.
