Alerts & Advisories

Latest Content

Volt Typhoon Targets Legacy Cisco Routers in New Campaign

A Chinese-state-backed hacking group is targeting legacy devices, primarily Cisco routers, to expand its attack infrastructure in a new campaign that marks a notable strategic shift in its threat activity. Volt Typhoon, an emerging advanced persistent threat (APT) group identified last year, is exploiting two known vulnerabilities, CVE-2019-1653 ...

Threat actors identified as UTA0178 are actively targeting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) found in Ivanti Connect Secure (ICS) VPN appliances. Volexity researchers discovered at least 1,700 devices worldwide have been compromised with the GIFTEDVISITOR webshell backdoor variant. Initially, the attacks were highly targeted and included ...

Verizon Wireless Impersonation Scams

Over the past month, threat actors have increasingly used social engineering tactics to impersonate Verizon Wireless fraud agents with technical support, spoof Verizon Wireless phone numbers and SMS text messages, and target Verizon Wireless cellphone subscribers. For example, threat actors contact the target and claim that the account has ...

2023 Key Cybersecurity Takeaways

Throughout 2023, cyberattacks affected organizations, governments, businesses, and private residents in New Jersey, resulting in monetary loss, degradation and interruption of services and resources, reputational damage, exposure of sensitive information, emotional distress, and more. In an era dominated by digital connectivity, the importance of cybersecurity cannot be overstated. Reflecting on ...

Uptick in TOAD Campaigns

The NJCCIC detected a recent uptick in TOAD phishing campaigns that may cause substantial disruption and losses across various organizations. A telephone-oriented attack delivery (TOAD) attack uses various social engineering tactics to build trust and credibility with victims. The attack is perpetrated by threat actors leveraging a combination of ...

Bank Impersonation Scams

Threat actors continue to research their targets, impersonate trusted entities, and initiate communications through email, phone calls, and SMS text messaging to convince them to take action, such as divulging information or transferring funds. In bank impersonation scams, threat actors seek personal information, account numbers, passwords, and PINs. If ...

Increase in State-Sponsored and State-Aligned Cyberattacks

Cyberattacks attributed to state-sponsored and state-aligned advanced persistent threats (APTs) continue to spike. Recent activity includes Russian threat groups APT 28 and APT 29. APT 28, also known as Fancy Bear and associated with Russia's General Staff Main Intelligence Directorate (GRU), was discovered leveraging a Microsoft Outlook zero-day identified ...

Mobile Device Risks

According to the Verizon 2023 Mobile Security Index white paper, the number of diverse endpoints is increasing, especially those that are mobile or using mobile connectivity. Mobile devices offer users convenience, connection, control, and content, both personally and professionally. However, they transmit and store data and could be exploited ...

Multiple Critical Infrastructure Sectors Impacted

As Critical Infrastructure Security and Resilience (CISR) Month came to a close, a number of sectors were impacted by disruptive cyberattacks over the long holiday weekend. A shifting geopolitical landscape has intensified national security concerns and, while some of these attacks are opportunistic and financially motivated, others are the ...

Beware of Gift Card Scams

It is commonplace for consumers to purchase gift cards as a present, especially for special occasions or the holidays. Threat actors seek to exploit this common task in gift card scams. For example, threat actors initiate fraudulent requests typically by spoofing a known or trusted person—such as a person ...

Beware of Card Skimming This Holiday Shopping Season

The number of reported card skimming incidents increased 20 percent during the first half of 2023 compared to the same period in 2022. More specifically, New Jersey is one of several states with the most significant increases in skimming incidents, with at least a 50 percent year-over-year increase in ...

Leaked LinkedIn Data May Perpetuate APT Campaigns

A LinkedIn database containing roughly 35 million users’ personal information was leaked by USDoD, a hacking group that gained notoriety last year after leaking the personal information of nearly 87,000 members of the Federal Bureau of Investigation’s (FBI’s) collaborative intelligence platform, InfraGard. The database largely contains publicly available information ...

Surge in Zero-Day Exploitation

The incidence of zero-day exploitation has shown an alarming increase on a global scale, significantly affecting federal government agencies, particularly over the last month, as emphasized by the Cybersecurity and Infrastructure Security Agency (CISA). Despite an overall decline in these vulnerabilities, federal government analysts observed an increase in zero-day ...

A critical severity vulnerability in several versions of the QNAP QTS operating system and applications could allow threat actors to execute commands. CVE-2023-23368 is a CVSSv3.1 9.8/10 flaw that can be exploited remotely by an unauthenticated threat actor without user interaction. Impacted QNAP versions include QTS 5.0.x, QTS 4.5.x, ...

Atlassian discovered a critical improper authorization vulnerability, tracked as CVE-2023-22518, impacting all Confluence Data Center and Server instances that may lead to significant data loss if successfully exploited. There are no reports of active exploitation at the time of this writing; however, this advisory comes just weeks after ...

Volt Typhoon

Critical infrastructure organizations are urgently advised to identify signs of compromise on their systems and networks that could be attributed to Volt Typhoon, a Chinese state-sponsored hacking group. Microsoft researchers have noted behavior that suggests the threat actors intend to conduct cyberespionage campaigns and maintain footholds within networks while avoiding ...

A critical information disclosure vulnerability, known as “Citrix Bleed” and affecting Citrix NetScaler ADC/Gateway devices, is being actively exploited by threat actors. The vulnerability, tracked as CVE-2023-4966, is remotely exploitable and can allow threat actors to obtain valid session tokens from the memory of internet-facing NetScaler devices. The ...

Critical VMware vCenter Vulnerability

VMware disclosed a vulnerability, tracked as CVE-2023-34048, in vCenter Server, the central management hub for the vSphere suite that allows users to monitor and manage virtualized infrastructure. The vulnerability, which received a critical CVSS score of 9.8/10, is a partial information disclosure flaw that could allow an unauthenticated threat ...

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory addresses a vulnerability discovered in Exim, which could allow for arbitrary code execution. Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems. Successful exploitation of this vulnerability could allow for arbitrary code execution ...

Progress Software released information regarding multiple vulnerabilities, several critical, in their WS_FTP Server software. These flaws were discovered in the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server manager interface. The most critical of the vulnerabilities is CVE-2023-40044, which has the highest severity rating of 10/10, and ...

Fraudulent Payment Receipts Continue to Target Users

Summary: Users continue to receive emails referencing payment receipts for anti-virus solutions they did not purchase. Unlike invoice scams, these emails do not request payment but rather claim that a payment has already been made. The user is instructed to contact the company via the included phone number to ...

The Struggle with Passwords

A third-party cyber threat intelligence platform utilized by the NJCCIC provides notification when passwords related to select email domains have been exposed or discovered for sale on the internet or dark web. Analyzing the results of these notifications highlights the adherence – or lack thereof – to cybersecurity best ...

QR Code Phishing Campaigns

The NJCCIC recently observed two phishing campaigns in which threat actors included suspicious links via QR codes. Quick Response (QR) codes are square barcodes that can be scanned by smartphones to quickly send users to a website, download an application, or direct payments. The use of QR codes increased ...

Vendor email compromise (VEC) is a targeted and in-depth type of business email compromise (BEC) in which cybercriminals impersonate a third-party vendor in order to steal funds from that vendor's customers. ...

Employment Scams Continue To Target Job Seekers

The NJCCIC continues to observe employment scams in which job seekers are targeted with fake job offers, often with the intent to collect PII that can be used to commit fraud, steal funds, and conduct other malicious activity. Examples of job scams include work-from-home or remote work, virtual personal assistant, ...

The Aftermath of Data Breaches

Data breaches result from unauthorized access to systems and can originate from outside or inside the organization, and may be accidental or conducted with financially motivated malicious intent resulting in online public exposure. Cyber threat actors typically access and perform data theft operations via phishing attacks, impersonation scams, credential-stuffing ...

The NJCCIC received incident reports indicating various Unemployment Insurance (UI) and Temporary Disability and Family Leave Insurance fraud attempts. Unemployment and disability fraud occurs when cybercriminals exploit personally identifiable information (PII) to receive labor benefits illegally. Potential targets may include those whose PII was exposed in past data breaches, ...

Beware of SEO Poisoning and Malvertising

Search engine optimization (SEO) is the process of improving the quality and quantity of website traffic to a website or a web page from search engines. SEO poisoning is a tactic in which threat actors strategically create malicious websites and use techniques such as keyword stuffing to insert irrelevant ...

Data Hostages – An Increasingly Common Cyber Threat Technique

Summary: Over the last several years, the NJCCIC observed a steady increase in ransomware attacks with a data exfiltration component. Stealing data from victim networks prior to the encryption process provides cyber threat actors the means to apply additional pressure on victims to pay ransom demands in hopes of preventing ...

Gift Card Scam Lures

The NJCCIC observed multiple campaigns identified as gift card scams attempting to convince New Jersey State employees to purchase gift cards to extort funds. The emails are primarily from free email providers instead of corporate domains. Threat actors may spoof the sender’s display name, which may differ from the ...

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
