Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

Critical flaws in remote management agent impacts thousands of medical devices

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

SASE is coming, but adoption will be slow (especially for large enterprises)

SASE is coming, but adoption will be slow (especially for large enterprises)

Smaller organizations eye SASE to provide secure access to applications. Lack of maturity, existing security and digital transformation investments give large enterprises pause on SASE.

Cloudflare wants to be your corporate network backbone with centralized management and security

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

SolarWinds attack explained: And why it was so hard to detect

SolarWinds attack explained: And why it was so hard to detect

A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.

Use of cloud collaboration tools surges and so do attacks

Use of cloud collaboration tools surges and so do attacks

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

6 things you need to know about VPNs

6 things you need to know about VPNs

In the past, virtual private networks were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too.

Shadow Brokers teases more Windows exploits and cyberespionage data

Shadow Brokers teases more Windows exploits and cyberespionage data

A group of hackers that previously leaked alleged NSA exploits claims to have even more attack tools, as well as intelligence gathered by the agency on foreign banks and ballistic missile programs.

WannaCry attacks are only the beginning

WannaCry attacks are only the beginning

As the WannaCry ransomware attack evolves, more cybercriminals are likely to attempt to profit from the vulnerability it exploits and similar flaws in the future.

Load More