North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
The Hacker News 20.02.2025 14:37
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.
The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,
China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
The Hacker News 20.02.2025 12:21
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a now-patched security flaw
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
The Hacker News 20.02.2025 12:12
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
"The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
The Hacker News 20.02.2025 5:36
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.
It has been described as a case of improper privilege management that could
WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack
Infosecurity Magazine 19.02.2025 18:15
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers.
Device Code Phishing
Schneier on Security 19.02.2025 16:07
This isn’t new, but it’s increasingly popular:
The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms.
Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that’s easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account…
Rewe Bonus: Criminals steal credit from Rewe app users - here is what is known
Spiegel Online 19.02.2025 13:01
The Rewe app lets users collect virtual bonus points. Various users are now wondering how third parties managed to make purchases with their credit through the system. Here is what is known about the scheme.
These companies have already been hit
CSO Online 17.02.2025 10:45
Read which companies in Germany are currently affected by cyberattacks.