Yesterday was Patch Tuesday. Microsoft released fixes for seventy-six vulnerabilities, twenty of which Redmond classified as "critical." Adobe also patched, as is its custom, offering security updates for Flash Player, Acrobat/Reader, the ColdFusion programming language, and the Creative Cloud desktop app.
Carbon Black has found a new strain of Shlayer, macOS malware first observed last year by Indego. This version of Shlayer, notable for both its obfuscation and its privilege escalation capabilities, has been downloaded from multiple sites. Its most common guise is that of a bogus Adobe Flash software update.
Nozomi has published its research into GreyEnergy, malware ESET discovered in 2018. A successor to BlackEnergy, GreyEnergy has been used against infrastructure targets in Ukraine and elsewhere. Nozomi points out a feature that tends to make the malware resistant to reverse engineering: it's surrounded by a lot of junk code.
China has got around to officially denying it had anything to do with an attempted hack of Parliament in Canberra, the Australian reports. Beijing's Foreign Ministry says it's another move in a smear campaign.
Tomorrow is St. Valentine's Day. (And you're welcome for that reminder.) As you thrash around online in last-minute searches for gifts, tokens of esteem, or indeed for love itself, beware. The cybercriminals read the same calendar you do, and they're primed to take advantage of any eleventh-hour desperation. Be especially wary of online offers of chocolate, cards, flowers, and so forth. Hackers speak the language of love, but they do so with a serpent's tongue.