A vulnerability has been discovered in SolarWinds Web Help Desk, which could allow for remote code execution. SolarWinds Web Help Desk (WHD) is a web-based software that provides IT help desk and asset management functionality, allowing IT teams to manage service requests...
A vulnerability has been discovered in GoAnywhere Managed File Transfer (MFT) which could allow for Command Injection. GoAnywhere Managed File Transfer (MFT) is an enterprise-level software solution for securely automating, managing, and tracking file transfers.
A vulnerability has been discovered in WatchGuard Fireware OS, which could allow for arbitrary code execution. Fireware OS is the software that runs on WatchGuard Firebox firewalls. Fireware includes a Web UI that includes a way to manage, and monitor each Firebox in your network.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
FinWise Bank partners with American First Finance (AFF) to offer consumer financing products, including installment loans and lease-to-own programs. FinWise Bank, on behalf of AFF, disclosed a data breach involving a former employee who accessed sensitive data...
The NJCCIC has observed an increase in the distribution of infostealing malware. This type of malware is popular among threat actors because of the kind and amount of information it can exfiltrate. Infostealers often have capabilities that allow threat actors to retrieve credentials.
The NJCCIC observed a malware campaign sent to New Jersey State employees, purporting to be proof of payment. The malicious emails contain a ZIP file labeled “Proof Of payment.001” with a SHA-256 hash. The ZIP file appears legitimate but includes a Microsoft EXE file.
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated...
As we commemorate the anniversary of the September 11, 2001 attacks, we pause to honor the victims, the courage and sacrifice of first responders, the resilience of survivors, and the families and communities impacted. This tragedy changed our nation and our state forever.
The NJCCIC continues to receive reports of romance scams targeting New Jersey residents to steal funds. Threat actors typically create fake accounts on social media platforms or dating apps to pose as potential new friends or love interests. They increasingly use AI as disguise...
