Multiple Vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for authentication bypass. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings...
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs, and more.
In light of the recent PowerSchool incident in which the personally identifiable information (PII) of students and teachers was breached, the NJCCIC is sharing the Identity Theft and Compromised PII document to assist schools in providing recommendations to those impacted.
Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow...
The breach was discovered on December 28, 2024, when unauthorized access to customer information was detected on their PowerSource customer support platform. Some impacted districts reported unauthorized activity as early as December 22.
The NJCCIC received incident reports indicating that the well-known sextortion email scam is again circulating. Some reports noted that the threatening message was included in a PDF attachment named after the target rather than in the body of the email.
Browser extensions frequently grant extensive permissions to sensitive user information, including identity information, cookies, browsing history and data, passwords, web page content, text input, and audio/video capture. Unfortunately, many organizations may not know...
Multiple vulnerabilities have been discovered in Ivanti Products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these could...
The North Korean (DPRK)-linked Lazarus Group recently shifted its focus to the nuclear industry, indicating a concerning shift from its previous tactics of primarily targeting defense, aerospace, and cryptocurrency, among others. The Lazarus Group has historically...
