Gift cards are popular gift ideas year-round and a favorite for scammers. Threat actors request them in social engineering schemes as they can be used as easily as cash, work as a payment method not linked to a specific person, and do not have the same protections as credit cards.
The NJCCIC observed a new adversary-in-the-middle (AiTM) phishing campaign aimed at harvesting credentials. This campaign starts with an email claiming to be from the help desk, with a link provided to reset or retain the current password.
Multiple Vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. Successful exploitation of these vulnerabilities could lead to remote code execution (RCE) and/or denial of service (DoS) attacks.
A vulnerability has been discovered in Git, which could allow for remote code execution. Git is a free and open-source distributed version control system (VCS). It is designed to track changes in source code during software development and is widely used for coordinating work.
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with...
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user.
The NJCCIC received reports of a phishing scam sent to New Jersey State employees, abusing the legitimate and trusted Google AppSheet, a no-code application development platform for mobile, tablet, and web applications. In this phishing scam, threat actors...
A vulnerability has been discovered in Apple products which could allow for arbitrary code execution. Successful exploitation could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could...
Before 2015, few established Voice over Internet Protocol (VoIP) options existed. Skype and TeamSpeak were among the most common, but were limited in scale and became outdated. Around this time, Discord hit the market, becoming a cultural staple in online gaming communities.
Over the past several weeks, the NJCCIC observed an uptick in investment schemes, resulting in losses between $900 and $1.8 million. Threat actors pose as experienced investment advisors or registered professionals as part of an investment group.
