Are you a Linux user? If so, be aware that there is a new kind of malware to be concerned about. The BlackBerry Threat Research and Intelligence team, in concert with Joakim Kennedy (an Intezer Analyze security researcher), have announced the discovery of a new strain of malware. They’ve dubbed it Symbiote, and it was…
Researchers at HP have discovered a new malware loader that they’ve dubbed SVCReady. While new malware strains are common, this one is distinct for a couple of different reasons. Like many malicious programs, this spreads primarily via phishing email campaigns. One way that this new strain differs however, is the fact that the malware is…
If you’re involved in information security in any capacity, you’re probably quite familiar with the infamous Emotet botnet. It’s one of the most dangerous and prolific botnets out there and it is a dire threat to organizations of all sizes. The bad news is that the botnet is still being actively enhanced and is gaining…
You may not know the name Matthew Hickey, but you should thank him for a recent discovery that could save you a lot of grief. Hickey is the co-founder of a company called Hacker House. He recently discovered a flaw that could allow for the opening of a remote search window simply by opening a…
Recently, Microsoft reported high severity security vulnerabilities in multiple apps offered by large international mobile service providers. What makes this especially noteworthy is the fact that these vulnerabilities aren’t app specific, but framework specific. Many carriers use the same basic framework to construct their apps and now all have been found to contain vulnerabilities. The…
File this away under “good news, bad news.” The bad news is that there’s a new, critical zero-day threat to be concerned about. The threat has been dubbed ‘Follina.’ It is being tracked as CVE-2022-30190 and is being described by Microsoft as an MSDT (Microsoft Windows Support Diagnostic Tool) remote code execution flaw that impacts…
A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals. ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like. As malware…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory that serves as a stark warning. If you’re using VMware products that are impacted by recently disclosed critical security flaws, either patch them immediately or remove them from your network. CISA issued the dire warning because the last time critical security flaws were discovered…
Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet. They have dubbed the new variant Sysrv-K. This new variant works in two ways. First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins…
HP recently released a BIOS update to address a pair of high-severity vulnerabilities that affect a wide range of PC and notebook products offered by the company. In both cases, the vulnerabilities would allow an attacker to execute code arbitrarily and with Kernel level privileges. The two flaws are being tracked as CVE-2021-3808 and CVE-2021-3809…