A vulnerability has been discovered in WatchGuard Fireware OS, which could allow for arbitrary code execution. Fireware OS is the software that runs on WatchGuard Firebox firewalls. Fireware includes a Web UI that includes a way to manage, and monitor each Firebox in your network.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
FinWise Bank partners with American First Finance (AFF) to offer consumer financing products, including installment loans and lease-to-own programs. FinWise Bank, on behalf of AFF, disclosed a data breach involving a former employee who accessed sensitive data...
The NJCCIC has observed an increase in the distribution of infostealing malware. This type of malware is popular among threat actors because of the kind and amount of information it can exfiltrate. Infostealers often have capabilities that allow threat actors to retrieve credentials.
The NJCCIC observed a malware campaign sent to New Jersey State employees, purporting to be proof of payment. The malicious emails contain a ZIP file labeled “Proof Of payment.001” with a SHA-256 hash. The ZIP file appears legitimate but includes a Microsoft EXE file.
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated...
As we commemorate the anniversary of the September 11, 2001 attacks, we pause to honor the victims, the courage and sacrifice of first responders, the resilience of survivors, and the families and communities impacted. This tragedy changed our nation and our state forever.
The NJCCIC continues to receive reports of romance scams targeting New Jersey residents to steal funds. Threat actors typically create fake accounts on social media platforms or dating apps to pose as potential new friends or love interests. They increasingly use AI as disguise...
The NJCCIC observed a phishing campaign imitating the US National Highway Traffic Safety Administration. In this campaign, threat actors send a phishing email containing a PDF file that looks legitimate and appears to be benign. To add credibility to the email, the threat actors use...
A new wave of SMS text phishing messages (SMiShing) is being sent to NJ residents and those in other states nationwide. Like previous SMiShing campaigns referencing motor vehicle violations and toll fees, these text messages impersonate the Division of Taxation and claim that a refund...
