DarkGate has spread through several phishing campaigns, including fake browser updates, the messaging feature in Microsoft Teams, and PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects. The NJCCIC recently reported on DarkGate exploiting Windows.

Vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress business intelligence reporting suite through a web application.

A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware.

The NJCCIC continues to observe social engineering schemes targeting individuals seeking employment, often referred to as job scams. Increases in layoffs and job cuts exacerbate this issue; layoffs in the financial sector alone increased in the first quarter of 2023.

In May 2023, Google launched several new top-level domains (TLDs), including .ZIP. The use of .ZIP for filename extensions and domain names is legitimate; however, threat actors are exploiting the .ZIP domain name in a new phishing technique called “file archiver in the browser.”

FortiSIEM is a multi-tenant SIEM that offers user awareness for threat detection, analysis, and reporting. Vulnerabilities have been discovered which could allow for remote code execution. An attacker could then install programs; view, change, or delete data; or create new accounts.

The NJCCIC recently observed a text message phishing campaign in which threat actors attempted to steal users’ banking credentials and payment card details. Information about this campaign can be found in the video embedded in the NJCCIC post. Click to learn more.