In the early morning of Friday, July 19, a Windows update pushed by CrowdStrike to its customers contained a defect that caused widespread global IT outages. Cyber threat actors attempt to capitalize on this event in social engineering campaigns.
A new Linux variant of Play ransomware has been targeting VMWare ESXi environments. Businesses often use ESXi environments to run multiple virtual machines (VMs), typically hosting backup solutions, critical applications, and data storage.
CRYSTALRAY, a newly discovered threat actor, utilizes multiple open-source software (OSS) to grow its credential stealing and cryptomining operations. Researchers first identified this threat actor in February by tracking their use of the OSS SSH-Snake... Click to learn more.
Using social media or other messaging platforms, fraudsters posing as lawyers representing fictitious law firms may contact scam victims and offer their services, claiming to have the authorization to investigate fund recovery cases. Click to read more.
Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to multiple factors.
Reported card skimming incidents increased by 40 percent from 2022 to 2023. New Jersey is one of the top five states, accounting for nearly 50 percent of card compromise reports (CCRs). The outlook for 2024 shows a continued upward trend, which means increased card skimming...
The NJCCIC continues to observe attempted Telephone-Oriented Attack Delivery (TOAD) phishing email attacks, similar to open-source reporting. Prior to the attack, cybercriminals perform reconnaissance on victims, gathering information from various sources.
Reported card skimming incidents increased by 40 percent from 2022 to 2023. More specifically, New Jersey is one of the top five states, accounting for nearly 50 percent of card compromise reports (CCRs). The outlook for 2024 shows an upward trend.
The NJCCIC observed two new phishing campaigns utilizing PowerShell scripts to drop multiple malicious payloads. One campaign, dubbed ClickFix, launched by a threat actor identified as TA571 which was also behind the recently observed DarkGate phishing campaign.
The NJCCIC recently received multiple incident reports from organizations targeted with direct deposit scams in an attempt to change bank account information for direct deposit payments for payroll to facilitate fraud. K-12 school districts are primarily targeted.
