The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents...
The NJCCIC periodically receives reports of New Jersey users implementing mailbox forwarding rules that automatically forward messages from their work email to an external mailbox that is not monitored by their organization. Email forwarding to external non-work accounts...
Fortinet is aware of a technique employed by cyber threat actors to maintain read-only access to vulnerable FortiGate devices by creating a symbolic link connecting the user filesystem and the root filesystem in a folder used to serve language files for the SSL-VPN.
The NJCCIC continues to receive reports of unauthorized access resulting from a failure in identity and access management or patch management, such as virtual private network (VPN) accounts without multi-factor authentication (MFA) implemented.
When it comes to securing networks, data, and accounts, cybersecurity professionals often focus on advanced security controls and tools that can help identify and prevent malicious and suspicious activity. While this is valid, we may fail to spotlight the necessity...
According to 2024 statistics, the United States is one of the top countries for account compromises or account takeovers (ATOs). Microsoft and Amazon are among the top five domain sources for these attacks. The percentages of targeted and impacted industries are relatively prevalent...
The New Jersey Office of Homeland Security and Preparedness (NJOHSP) released the 2025 Threat Assessment, which details domestic terrorists, foreign terrorists, counterintelligence, transnational crime, and cybersecurity threats facing New Jersey. The NJCCIC assesses that in 2025...
Browser extensions frequently grant extensive permissions to sensitive user information, including identity information, cookies, browsing history and data, passwords, web page content, text input, and audio/video capture. Unfortunately, many organizations may not know...
The NJCCIC reflects on the cyber threats experienced over the past year to strategize our cyber defenses for the year ahead. We highlight several ransomware attacks, cyberattacks impacting critical infrastructure and more, and numerous attempts to interfere with the 2024 elections.
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and international partners, have released a Guide which provides best practices to protect against a PRC-affiliated threat actor.
