Threat actors are using HTML smuggling and fraudulent Google Sites pages to disseminate AZORult in a new malware campaign. AZORult, dubbed PuffStealer and Ruzalto, was first detected in 2016. It searches the desktop for sensitive documents using keywords...
Malicious copies of popular apps have been discovered on the Apple App Store. These apps are designed to be mistaken for legitimate apps and conduct malicious activity, such as stealing login credentials and other sensitive information. Click to learn more.
Over one hundred malicious artificial intelligence (AI) machine learning (ML) models have been discovered on the Hugging Face platform, a popular public AI model repository allowing users to create interactive in-browser demonstrations. Click to learn more about malware concerns.
A vulnerability has been discovered in the Apache OFBiz, which could allow for remote code execution. Apache OFBiz is an open source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, and more.
A good cybersecurity practice is to stay informed of publicly disclosed vulnerabilities and to update all device hardware, operating systems, apps, software, and anti-virus or anti-malware programs. These patches address flaws and security within a program that could be exploited.
The NJCCIC observed multiple phishing campaigns sent from both US and non-US top-level domains (TLD) to New Jersey State employees to deliver the AgentTesla malware, an advanced backdoor used to steal credentials and data. Read for tips to avoid this scam.
The NJCCIC received reports of targeted, well-crafted phishing emails claiming to be from financial institutions, specifically Citizens Bank. In the above example, the sender’s display name impersonates Citizens Bank to convey legitimacy. Click to learn more.
The NJCCIC observed phishing campaigns claiming to be from the Better Business Bureau (BBB) and targeting business owners in an attempt to deliver Ursnif data-stealing malware to potentially gain remote access, exfiltrate data, and deploy ransomware.
Emotet has resurfaced worldwide after three months of inactivity. Cofense researchers have discovered malicious email campaigns using finance and invoice lures to collect information for future campaigns, gain remote access, deploy ransomware, and exfiltrate data.
The NJCCIC observed websites containing SocGholish. SocGholish is a malware loader that exploits vulnerable website infrastructure and can perform reconnaissance and deploy malicious payloads, such as remote access trojans (RATs), information stealers, and ransomware.
