The recent surge in data breaches is a significant cause for concern, including the publicly exposed database containing more than 184 million records of email addresses, usernames, passwords, and links to account login or authorization webpages.
The NJCCIC’s email security solution observed a phishing campaign aimed at harvesting Microsoft account credentials, multi-factor authentication (MFA) tokens, and associated session cookies. Messages in this campaign appear to come from DocuSign, Edward Jones...
Multiple vulnerabilities have been discovered in Cisco ISE and ISE-PIC that could allow for remote code execution. Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure access to network resources. Successful exploitation of these...
On Saturday, June 21, United States military forces struck three of Iran’s key nuclear facilities: Natanz, Isfahan, and Fordow. At this time, there are no specific or credible threats to New Jersey from Iran; however, the situation remains highly fluid following the recent airstrikes on Iranian...
The NJCCIC’s email security solution has observed an increase in fake web browser update phishing campaigns. These campaigns begin with an email containing a link to a compromised website. The compromised website has a JavaScript inject that checks for the following conditions:
Wiper malware is a type of destructive malware that destroys organizational files and data, rendering them inaccessible and unusable. It typically spreads through phishing emails, malicious downloads, exploited vulnerabilities, Remote Desktop Protocol (RDP) exploits, etc.
The scope of these SMiShing campaigns is extensive, affecting numerous US states and resulting in significant financial losses. The FTC highlighted that consumers reported losses amounting to $470 million in 2024 due to scams initiated via text messages.
The NJCCIC received reports regarding the impersonation of NJ Department of Labor and Workforce Development (DOL) personnel in SMS text phishing (SMiShing) schemes. Cybercriminals are contacting claimants via text message, identifying themselves as "NJLWD".
A vulnerability exists in Grafana which could result in arbitrary code execution. Grafana is an open-source platform used for visualizing and analyzing time series data. It allows users to connect to various data sources, query and transform data, and create interactive dashboards.
Last night, Israel initiated "Operation Rising Lion," a significant wave of airstrikes targeting key Iranian nuclear facilities and military installations, including the main enrichment site at Natanz and various military bases. The NJCCIC assesses that heightened geopolitical tensions...
