The Federal Trade Commission (FTC) warned job seekers about the continued rise in online job scams. These scams, also known as “task scams,” request for repetitive tasks to be performed. These tasks are often completed in an app or a platform that tracks completed tasks...
Iranian threat actors have deployed a new malware, IOCONTROL, to target Internet of Things (IoT) devices and Operational Technology (OT)/SCADA systems in critical infrastructure across Israel and the United States. Analysts have categorized IOCONTROL as a nation-state...
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
A vulnerability has been discovered in multiple Cleo products that could allow for remote code execution. Cleo’s LexiCom, VLTransfer, and Harmony is software that is used to manage file transfers. Successful exploitation of this vulnerability could allow for remote code execution...
The State and Local Cybersecurity Grant Program (SLCGP) is a federal grant program administered by the United States Department of Homeland Security (DHS) and funded by the Infrastructure Investment and Jobs Act (IIJA ). The overall goal of the SLCGP is to improve...
Analysts began monitoring a phishing scam known as “Payroll Pirates” that involves payroll redirection and primarily targets employees of various organizations, particularly those using Workday. The threat actors use malicious SEO poisoning and spoofed Human Resources (HR) pages.
The NJCCIC’s email security solution detected a new credential and card harvesting phishing scheme impersonating American Express. Several subject lines were utilized in this campaign. Upon clicking the provided link, users are redirected to a webpage imitating a login page.
The NJCCIC recently received an incident report regarding search engine optimization (SEO) poisoning. An individual searched for Facebook’s Help Center using a popular search engine and found a fictitious 1-888 phone number for Facebook Support as one of the top results.
Ransomware continues to dominate the threat landscape, posing significant risks to organizations. The NJCCIC continues to receive reports of ransomware incidents impacting New Jersey private and public sector organizations, including educational institutions and local governments.
Multiple vulnerabilities have been discovered in Ivanti Cloud Services Application (CSA), the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Click to read more.
