The NJCCIC recently observed an uptick in phishing campaigns targeting New Jersey State employees using a legitimate file-sharing platform and URL redirects to steal user credentials and deliver malware. One scheme uses an Adobe Acrobat link.
Visual Studio Code (VS Code) is a popular source code editor developed by Microsoft. It contains many useful features, such as debugging support, code completion and refactoring, and built-in Git support. In late 2023, a few instances of malicious extensions were found in the marketplace.
Everbridge, a software company, has informed its customers that threat actors gained access to files containing business and user data in a recent breach of its corporate systems. The company offers public warning, crisis management, and risk intelligence services.
Multiple organizations using Snowflake, a cloud data analysis company, disclosed that they were breached. The data platform is used by 9,437 customers, including some of the largest companies worldwide, such as AT&T, Capital One, US Foods, Western Union, and many others.
The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign targets students and faculty and involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams.
DarkGate has spread through several phishing campaigns, including fake browser updates, the messaging feature in Microsoft Teams, and PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects. The NJCCIC recently reported on DarkGate exploiting Windows.
Vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress business intelligence reporting suite through a web application.
LockBit ransomware has long held a dominant position at the forefront of the most active and prevalent threats in the cyber landscape. Since 2019, LockBit has orchestrated numerous attacks targeting entities regardless of their size or global location. Read to learn on how to protect against this.
A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware.
The State and Local Cybersecurity Grant Program is a federal grant program administered by the United States DHS and funded by the IIJA. The goal is to improve the cybersecurity posture of state, local, and territorial government organizations.
