The NJCCIC was recently notified of a cyber incident in which a threat actor compromised a user's account credentials by targeting the Password Hash Synchronization (PHS) login method. Azure utilizes PHS to validate credentials and authenticate users without needing an additional...
A new botnet known as Eleven11bot quickly became one of the largest in the last several years, infecting over 86,000 Internet of Things (IoT) devices. The botnet, mainly comprised of security cameras and network video recorders, has been used to launch distributed denial-of-service (DDoS)...
DISA Global Solutions (DISA) is a third-party administrator of employment screening services, including drug and alcohol testing, background checks, occupational health, transportation compliance, and financial due diligence. DISA has more than 6,000 collection sites and service centers...
Stark Aerospace, a US missile systems and aerial weapons manufacturer based in Mississippi, was targeted by the INC Ransom group. The group claims to have exfiltrated 4TB of sensitive data, including source code, design plans, employee passports, etc.
UnitedHealth Group (UHG) reported that last year's breach of its technology subsidiary, Change Healthcare, affected 190 million people— double the initial estimate following the cyberattack on February 21, 2024. This incident is the largest healthcare data breach in history.
In light of the recent PowerSchool incident in which the personally identifiable information (PII) of students and teachers was breached, the NJCCIC is sharing the Identity Theft and Compromised PII document to assist schools in providing recommendations to those impacted.
The breach was discovered on December 28, 2024, when unauthorized access to customer information was detected on their PowerSource customer support platform. Some impacted districts reported unauthorized activity as early as December 22.
A new threat group identified as Hellcat claims to have stolen sensitive user data after breaching Schneider Electric's Jira system. The alleged attack compromised critical information, including over 400,000 rows of user data, totaling more than 40GB.
In June, the NJCCIC reported on a previous ClickFix campaign that used PowerShell scripts to drop malicious payloads. Recently, ClickFix was identified in two separate phishing campaigns. In one of these campaigns , the threat actors hacked into over 6,000 WordPress sites.
Analysts recently discovered at least one Advanced Persistent Threat (APT) actor actively exploiting CVE-2024-39717. The vulnerability impacts Versa’s Director GUI platform, which potentially allows malicious files to be uploaded by users with Provider-Data-Center-Admin and more.
