The US Financial Industry Regulatory Authority (FINRA) issued several regulatory notices warning of scams in the last year, with the latest notifying of an ongoing phishing campaign targeting US brokers and brokerage firms. Threat actors are using the spoofed domain, finra-online[.]com, to send fraudulent compliance audit alerts and harvest information. ...
Researchers from both Microsoft and FireEye have identified three new malware families associated with the SolarWinds supply chain attack. These malware variants are suspected to have been secondary payloads on compromised systems. These new variants appear to be associated with the threat actors originally identified as UNC2452 (FireEye) and ...
On March 2, 2021, Microsoft reported that several vulnerabilities – referred to collectively as “ProxyLogon” – in on-premises Microsoft Exchange servers were being exploited by threat actors, including the HAFNIUM group. Since then, the exploitation of these vulnerabilities has become widespread and indiscriminate. Furthermore, proof-of-concept code was published to ...
Microsoft recently revealed that vulnerabilities in on-premises Microsoft Exchange servers were being exploited by threat actors, including HAFNIUM . The most severe of these vulnerabilities could allow a threat actor to execute code in the context of the server, and possibly view, modify, or delete data. Once exploitation occurs, ...
Ten vulnerabilities have been discovered in SaltStack, seven of which are considered high severity. Successful exploitation of these vulnerabilities may result in remote code execution, shell injection, and access to sensitive information via a man-in-the-middle attack. One of the flaws, CVE-2020-28243, affects SaltStack minions and may also allow ...
A high severity zero-day vulnerability, CVE-2021-21166, in Google Chrome is actively being exploited. The vulnerability, described as an object lifecycle issue in audio, is one of several high severity vulnerabilities patched in the most recent update. The most severe of these vulnerabilities could allow a threat actor to ...
Gootloader, the multi-payload malware platform, is actively targeting entities in the US, Germany, and South Korea. The infection chain begins with social engineering techniques that include manipulated search engine optimization (SEO), which brings malicious websites to the top of the results on search engine websites. This fraudulent forum website ...
Several critical vulnerabilities were discovered in on-premise versions of Microsoft Exchange Server 2013, 2016, and 2019. Successful exploitation of the most severe of the vulnerabilities could allow a threat actor to execute arbitrary code in the mail server and possibly modify or delete data. According to Microsoft, these vulnerabilities ...
The first week in March is National Consumer Protection Week, which helps people understand their consumer rights, manage their money, protect their privacy, and avoid scams. Impersonation scams are one example of a scam in which threat actors spend time researching their target, pretend to be a trusted person or entity, and lure their victims with different and personalized social engineering tactics.
Multiple vulnerabilities have been discovered in Microsoft Exchange Server (on-premises version), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the mail server. Depending on ...
Several vulnerabilities, including four critical remote code execution flaws, in F5 Networks BIG-IP (all models prior to version 16.0.1.1 and Advanced WAF/ASM prior to 16.0.1.1) and BIG-IQ (prior to version 8.0.0) software were disclosed on March 10, 2021. The most severe of these vulnerabilities could allow a remote threat ...
A new vulnerability, CVE-2021-21972, in VMware vCenter could allow a threat actor to take over systems and their associated networks. Over 6,700 VMware vCenter servers are exposed online and vulnerable to the vSphere Client (HTML5) remote code execution flaw. Proof-of-concept (POC) exploitation code has been released online and ...
Powerhouse Management VPN servers are being abused in reflected/amplified distributed denial-of-service (DDoS) attacks. A private researcher known as Phenomite first identified the DDoS attack vector as being a service that runs on Powerhouse VPN servers using UDP port 20811. Attackers can exploit this service by sending UDP packet(s) ...
Over the last several years, the NJCCIC reported on various extortion phishing scams known as “sextortion.” The most common sextortion campaigns claim that the perpetrator compromised the recipient’s device and took adult content screenshots or videos, and threatens to release them if a ransom is not paid. In order ...
Security researchers at Red Canary disclosed a new malware identified as Silver Sparrow affecting macOS systems. The malware leverages the macOS Installer JavaScript API to execute commands, the first observed use of this technique by malware. There are currently two variants of the malware: version one only affects Intel x86_64 ...
Tax Identity Theft: Threat actors steal and use tax information, including SSNs, of unsuspecting taxpayers in several ways to file fraudulent tax returns and steal refunds. In order to acquire this information, threat actors may collect information exposed in a network compromise or data breach, or via social engineering campaigns. ...
Apple patched a vulnerability in macOS Big Sur versions 11.2 and 11.3 that could cause devices to get stuck in a boot loop and prevent users from accessing their data. The flaw exists because the installers do not verify available disk space; therefore, devices without the disk space to ...
The New Jersey State Police (NJSP) posted a phone scam alert in which threat actors claim to be NJ State Troopers. The threat actors suggest that the intended victim has been identified as a victim of identity theft and attempts to collect personally identifiable information (PII) such as Social ...
The Internal Revenue Service (IRS) and state tax agencies are warning tax professionals of a phishing scam targeting tax professionals. The scammers impersonate the IRS in an attempt to collect e-file identification numbers (EFINs), driver’s license images, and other credentials. These phishing emails appear to come from “IRS Tax ...
The Cybersecurity and Infrastructure Security Agency (CISA) released several malware analysis reports (MAR) related to AppleJeus, a malware variant used by the North Korean government-sponsored cyber threat actor HIDDEN COBRA (aka Lazarus Group). The group is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the ...
The cybersecurity of critical infrastructure and key resources has increasingly become a concern as cyberattacks affect the confidentiality, integrity, availability, and privacy of information and information systems. Cybercriminals attempt to exploit and degrade these systems in order to disrupt operations and potentially impact public health and safety.
This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea ...
The FBI is issuing this PIN to provide awareness regarding Telephony Denial of Service (TDoS) attacks. TDoS attacks affect the availability and readiness of 911 call centers and can undermine public trust in emergency services. TDoS attacks have evolved from manual to automated. Manual TDoS attacks use social networks ...
Microsoft Security Intel detected an increase in business email compromise (BEC) attacks targeting K-12 teachers. Rather than using compromised email accounts, the attackers in this campaign registered new accounts using free email service providers such as Gmail, Mail[.]ru, Yahoo, Hotmail, Outlook, and iCloud. The attackers used these accounts to ...
Microsoft urges customers to apply recent updates as soon as possible after they identified and patched critical and high severity vulnerabilities. Three of these are vulnerabilities in Windows TCP/IP affecting Windows 7 and higher, both client and server versions. CVE-2021-24074 and CVE-2021-24094 are remote code execution vulnerabilities and are ...
On February 5, 2021, an unauthorized individual gained access to the network of a small water treatment plant in Florida. According to reports, the user connected to the network via the remote access software TeamViewer and modified controls in order to increase the amount of sodium hydroxide – known ...
Usernames and passwords provide a layer of security to systems and services; however, they are not sufficient in protecting against cyberattacks. The increase in password reuse, credential stuffing attacks, data breaches, and dark web and public disclosures necessitates the adoption and implementation of additional account security requirements, such as multi-factor authentication (MFA).
Several vulnerabilities exist in SolarWinds products. SolarWinds patched one vulnerability in their Serv-U FTP and two vulnerabilities in their Orion product. The Serv-U FTP vulnerability could allow a local user, or one logged in remotely via RDP, to add a privileged account. The first Orion vulnerability could allow a ...
A Sudo vulnerability, tracked as CVE-2021-3156, can be exploited to allow a user account to gain root level access. The flaw is present in most default Linux+Sudo installations, Apple’s macOS, and IBM AIX systems. While Sudo patched the bug, the vulnerability still exists in the most current ...
A new backdoor, dubbed Kobalos, has been observed by ESET researchers largely targeting high-performance computers (HPC) and servers on academic and research networks. Victims also included an end-point security vendor and a large Internet Service Provider (ISP). Although the code itself is small, it is complex and capable of ...
Ransomware groups are exploiting two critical vulnerabilities, CVE-2019-5544 and CVE-2020-3992, in VMware ESXi in order to encrypt virtual hard disks. ESXi is a hypervisor that is installed directly on a physical server that consolidates virtual machines in order to share the same hard drive storage, among other features. ...
According to Israeli cybersecurity firm ClearSky, an advanced persistent threat (APT) group compromised approximately 250 servers, many from telecommunications and IT companies across the world, including in the United States. The threat actor used vulnerable public-facing web servers as the initial attack vector and then used several tools to ...
Google’s Threat Analysis Group (TAG) identified an ongoing social engineering campaign targeting cybersecurity researchers – specifically those that focus on vulnerability research and development. The campaign, assessed to be attributed to a North Korean (DPRK) state-sponsored threat group, has been ongoing for several months. TAG observed the DPRK threat ...
Ransomware is still prevalent and evolving in our current threat landscape, as predictions for 2021 indicate that the number of ransomware attacks is likely to increase. The NJCCIC continues to receive reports of ransomware incidents impacting NJ businesses, organizations, and private citizens, resulting in operational disruptions, financial loss, and/or data exfiltration.
Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe ...
Europol and the FBI, among other agencies, took control of the infrastructure behind Emotet, the largest and most prolific malware botnet. Emotet has been used by cybercriminals in major cyberattacks over the last several years, most notably in ransomware incidents. The threat actors behind the botnet leased out their ...
Claroty researchers discovered multiple critical vulnerabilities in the Open Platform Communications (OPC) network protocol, an embedded protocol widely used throughout Industrial Control Systems (ICS). OPC is considered the communication hub of operational technology (OT) networks, ensuring the operability and management between ICS and proprietary devices that otherwise could not exchange ...
The Federal Trade Commission (FTC) released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and attempts to convince consumers to disclose their financial information. The legitimate FTC does not require this information and scammers can use ...
On January 23, 2021, WestRock – a billion-dollar American packing company – detected a ransomware infection on both their information technology (IT) and operational technology (OT) systems. In an update on January 26, the company stated that its security teams continue to remediate and recover from the ransomware incident, ...
The ransomware group, Avaddon, is using distributed denial-of-service (DDoS) attacks as a secondary extortion tactic in order to pressure victims into paying the demanded ransom. The use of this tactic was first observed by SunCrypt and RagnarLocker ransomware threat actors in October 2020. Avaddon claims that they will continue ...
Thursday, January 28, 2021 is Data Privacy Day! Data Privacy Day is a global effort to empower individuals and encourage businesses to respect privacy, safeguard data, and enable trust. Every year, a single day is dedicated to recognizing the importance of data privacy and being informed about how information ...
JSOF, an Israeli security firm, disclosed seven Dnsmasq vulnerabilities – collectively referred to as DNSpooq – that can be exploited in DNS cache poisoning, remote code execution, and denial-of-service attacks. The JSOF advisory details several major vendors that use the Dnsmasq software in their products. Recommendations: The NJCCIC advises ...
IObit, a Windows systems software development company known for optimization utilities and anti-malware programs, was compromised and exploited in order to deploy the DeroHE ransomware. IObit forum members were targeted via a phishing email that offered a free one-year license to the developer’s software. The enclosed link redirected recipients ...
Millions of people continue to seek financial payments as a result of the ongoing pandemic and the upcoming tax season. Threat actors take advantage of these opportunities to employ social engineering tactics through phishing, vishing, and SMiShing campaigns in attempts to convince users to divulge sensitive information. This information can be subsequently used in fraudulent activity and financial payment scams, such as unemployment benefit scams, economic impact (or stimulus) payment scams, and tax refund payment scams. We provide examples and recommendations to educate users on these continuing threats and tactics in order to reduce victimization.
Cyber criminals are focusing their operations to target employees of companies worldwide who maintain network access and an ability to escalate network privilege. During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology. With these restrictions, network access and privilege escalation ...
Google’s Project Zero recently detailed in a series of blog posts a hacking operation that was first detected in early 2020 targeting Android and Windows devices via two exploit servers, exploit chains, and watering hole attacks. To gain access to the targeted devices, the threat actors exploited vulnerabilities in ...
Mimecast, an email security provider used by organizations worldwide, was alerted to an attack in which a sophisticated threat actor compromised an authentication certificate. This certificate is used by approximately 10 percent of Mimecast customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 ...
Cybersecurity firm Crowdstrike published their analysis of a malicious tool used by the threat actors responsible for the SolarWinds cyberattack that impacted thousands of organizations around the world. The implant, known as SUNSPOT, was used to inject the SUNBURST backdoor malware into the build environment of the Orion software. ...
During the storming of the US Capitol on January 6, 2021, many individuals gained unauthorized physical access to the US government building, desks and private offices, devices, paper files, and more. All systems and devices were left at risk and could have been compromised. Among the many consequences of the insurrection, unlawful entry, intimidation, and vandalism, digital government assets were left exposed. This riot serves as a reminder of the cybersecurity implications of any physical breach and reinforces the importance of physical security as part of cybersecurity best practices.
The Cybersecurity and Infrastructure Security Agency (CISA) has evidence of post-compromise advanced persistent threat (APT) activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in a victim’s Microsoft 365 (M365)/Azure environment and using additional credentials and Application Programming Interface (API) access to cloud ...
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful ...
The FBI first observed Egregor ransomware in September 2020. To date, the threat actors behind this ransomware variant claim to have compromised over 150 victims worldwide. Once a victim company’s network is compromised, Egregor actors exfiltrate data and encrypt files on the network. The ransomware leaves a ransom note ...
Intezer researchers discovered a new remote access trojan (RAT), dubbed ElectroRAT, targeting Windows, Linux, and macOS cryptocurrency users. The threat actors engage in an extensive operation – assessed to have begun January 2020 – composed of marketing campaigns and the creation of custom applications. These applications were named Jamm, ...
The first new ransomware variant of 2021 – dubbed Babuk Locker – has been identified by researchers. Babuk Locker uses new techniques such as multi-threading encryption and the abuse of Windows Restart Manager. The encrypted files are currently appended with the hardcoded extension, .__NIST_K571__, and the ransom ...
Threat actors are actively scanning for open SSH ports after a vulnerability was recently revealed in Zyxel Firewall and AP Controllers. The vulnerability, CVE-2020-29583, may allow for remote administrative access, granting an attacker the ability to change firewall settings, intercept traffic, create VPN accounts to gain access to ...
People have an expectation of security when making online payments and transactions, and want to ensure all personal information is protected and their funds are secured. They may use popular online payment systems to instantly accept and send money, such as PayPal, Venmo, Stripe, and others. Despite fraud protection and detection measures for these technological conveniences, cybercriminals take advantage of the opportunity to use social engineering tactics to target people who use these online payment systems. We provide examples and recommendations to educate users on these continuing threats and tactics in order to reduce victimization.
The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that utilize strong encryption and authentication to protect all sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an ...
Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe ...
A vulnerability has been discovered in Zyxel Firewall and AP Controllers, which could allow for remote administrative access. Zyxel is a manufacturer of networking devices that provides networking equipment globally. Successful exploitation of this vulnerability could allow for administrative access to the system, which could allow an attacker to ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released Supplemental Guidance to Emergency Directive 21-01. This guidance supplements the Emergency Directive (ED) 21-01 and Supplemental Guidance v1 issued on December 18, 2020. Specifically, all federal agencies operating versions of the SolarWinds Orion platform other than those identified as ...
One of the ways to monitor and protect financial information and accounts is to sign up to receive free alerts offered by financial institutions. Alerts, delivered via email or text message, provide real-time updates to stay aware and informed about account activity, manage finances, and detect any inconsistencies or possible fraudulent activity early on.
A critical vulnerability, tracked as CVE-2020-17530, exists in Apache Struts 2 versions 2.0.0-2.5.25 that could allow a remote threat actor to execute code and degrade security on the affected system when forced OGNL evaluation is performed on raw user input in tag attributes. The exploitation of past Apache ...
Sansec researchers discovered a web skimming campaign in which information was harvested via malicious checkout pages. Typically, web skimmers target a single e-commerce platform; however, this campaign targeted multiple e-commerce platforms, including Shopify, BigCommerce, Zencart, and WooCommerce. Before the actual legitimate checkout page, a fraudulent payment page is displayed ...
Multiple vulnerabilities have been discovered in SolarWinds Orion, the most severe of which could allow for arbitrary code execution. SolarWinds Orion is an IT performance monitoring platform that manages and optimizes IT infrastructure. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending ...
Researchers discovered the presence of what is believed to be a second threat actor while analyzing artifacts from the SolarWinds Orion supply-chain attack. The malware – a backdoor dubbed Supernova – is a webshell delivered as a trojanized copy of a legitimate .NET dynamic link library (DLL) found in Orion. Supernova is ...
Social media is defined as “interactive computer-mediated technologies that facilitate the creation or sharing of information, ideas, career interests, and other forms of expression via virtual communities and networks.” Users create service-specific profiles and may generate content such as text posts, photos, and videos. Shared content may include personally identifiable information (PII), which can be used to target individuals in social engineering schemes that contain lures such as account issues or offers that are “too good to be true.” Cybercriminals will attempt to convince their target to divulge sensitive or financial information, or perform a task such as clicking on links or attachments in order to gain unauthorized account or device access and commit further scams or other malicious activity. Although social media can be used as an effective communication tool, these platforms and the information contained within them can also be used by cybercriminals for nefarious purposes.
Throughout the COVID-19 pandemic, cyber threat actors have capitalized on global interest surrounding the virus to target users. Early in 2020, thousands of website domains related to COVID-19 were registered, and many of these websites were subsequently used to host malware and for other fraudulent activity. Phishing emails using ...
Multiple vulnerabilities have been discovered in Treck TCP/IP Stack, the most severe of which could result in arbitrary code execution. Treck TCP/IP Stack is a widely used library of networking protocols specifically designed for embedded systems. Successful exploitation of the most severe of these vulnerabilities could allow an attacker ...
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain ...
Multiple vulnerabilities have been discovered in SolarWinds N-Central. Two of these vulnerabilities, when used in conjunction with each other, could allow for remote code execution. SolarWinds N-Central is a remote monitoring and management automation platform for MSPs and IT professionals. Successful exploitation of the most severe of these vulnerabilities ...
On December 13, the cybersecurity firm FireEye detailed a coordinated supply chain cyberattack in which threat actors gained access to the update server for SolarWinds’ IT monitoring and management software Orion. The actors were able to upload malicious software updates to the server, which included a backdoor trojan – ...
PDF files are widely used for document sharing among businesses and may contain sensitive information. A new code-injection technique was discovered that allows threat actors to inject code and exfiltrate data as in classic cross-site scripting (XSS) attacks, and with capabilities of escaping objects such as parentheses and backslashes, ...
Researchers disclosed vulnerabilities affecting widely used point-of-sale (PoS) terminals manufactured by Verifone and Ingenico. The primary flaw resides in the use of default password settings, which provides users access to service modes such as hardware configuration and other available functions; Ingenico devices prevented users from changing the default password. ...
IBM Security Trusteer’s researchers discovered an organized mobile banking fraud operation targeting US and European financial institutions and stealing millions of dollars, with each attack only taking days to execute. Despite the intercepted operations, fraud-as-a-service offerings on underground markets may launch similar attacks and target other countries or territories. ...
In recent Ryuk and Egregor ransomware attacks, Sophos researchers discovered that SystemBC, a commodity malware sold on underground marketplaces, is being used in ransomware-as-a-service (RaaS) operations as a persistent Tor backdoor to encrypt and hide command and control communications. SystemBC is first dropped through malicious spam or phishing emails ...
Researchers from Microsoft 365 Defender identified a malware campaign affecting Windows devices, dubbed Adrozek, which has been proliferating since May 2020. The malware affects popular browsers such as Microsoft Edge, Google Chrome, and Mozilla Firefox and is used to collect fees from affiliates via advertisement services. The infection ...
Guardicore researchers identified an active ransomware campaign, known as PLEASE_READ_ME, targeting MySQL database servers. The campaign began as early as January 2020 and has compromised more than 250,000 databases, with an estimated 83,000 victims to date. The attack is trivial and begins with a brute-force attack on internet-facing MySQL ...
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. Affected organizations are encouraged to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures: ...
Multiple vulnerabilities have been discovered in Cisco Jabber, the most severe of which could allow for arbitrary code execution. Cisco Jabber provides instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing on any device. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, ...
Since late August 2019, unidentified actors have used DoppelPaymer ransomware to encrypt data from victims within critical industries worldwide such as healthcare, emergency services, and education, interrupting citizens’ access to services. Since its emergence in June 2019, DoppelPaymer ransomware has infected a variety of industries and targets, with actors routinely ...
When we hear the term “Internet of Things,” we may think of devices we use in our homes, such as thermostats, smoke alarms, kitchen appliances, televisions, door locks, and cameras; however, these devices go well beyond the home and are widely used across industries. IoT devices play a prominent role in our lives and offer many benefits, such as increased efficiency and performance, economic advantages, and convenience ...
The National Security Agency (NSA) issued an advisory regarding Russian state-sponsored threat actors exploiting a vulnerability in VMware Access and VMware Identity Manager products to access protected data. To exploit the vulnerability, threat actors would need to gain access to the web-based management interface of the device and then ...
The Cybersecurity and Infrastructure Security Agency (CISA) issued a security update urging administrators to upgrade vulnerable OpenSSL software after a high severity vulnerability was discovered. Tracked as CVE-2020-1971, the vulnerability originates from a NULL pointer dereferencing issue, which may lead to a denial-of-service condition if exploited. Affected versions ...
In addition to distributing COVID-19 vaccine-themed phishing emails to private citizens, threat actors are also targeting various entities involved in the creation, approval, and distribution of COVID-19 vaccines. A global phishing campaign targeted organizations involved with the COVID-19 cold chain – a part of the supply chain responsible for ...
Over the past few weeks, the NJCCIC received several incident reports regarding hacked Facebook accounts. Threat actors are able to obtain unauthorized access to user accounts through a number of means, including credential stuffing or social engineering attacks. Credential stuffing is a type of attack in which a threat ...
The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected ...
Multiple vulnerabilities (known as Amnesia:33) have been discovered in various open-source TCP/IP stacks, the most severe of which could result in remote code execution. As of 2019, a large quantity of embedded projects were found to be utilizing open-source embedded TCP/IP stacks. Successful exploitation of the most severe of ...
The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006 , a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. Password-based access to ...
Researchers at RedHunt Labs discovered more than 424,000 subdomains with misconfigured CNAME records. Additionally, they noted that 139 of Alexa’s top 1,000 domains may have fallen prey to subdomain takeovers. A CNAME, or canonical name, is the properly designated host name of a computer or network server. CNAME records ...
Several vulnerabilities have been discovered in the WebKit browser engine ( CVE-2020-13584 , CVE-2020-9948 , CVE-2020-9951 , CVE-2020-9952 , CVE-2020-9983 , CVE-2020-13543 ). Developed by Apple, WebKit is primarily used in Safari, iOS, BlackBerry, and Amazon Kindle browsers. Malicious web page code may trigger multiple use-after-free errors, which could ...
A vulnerability was discovered in Real Time Automation (RTA) 499ES EtherNet/IP (ENIP) stack, widely used throughout Industrial Control Systems (ICS). The vulnerability, tracked as CVE-2020-25159 , is considered critical after receiving a CVSS score of 9.8 due to the ease of remote exploitation. Successful exploitation of this vulnerability may ...
Researchers from Check Point Research discovered multiple variants of Bandook, a 13-year-old banking trojan, targeting victims in an unusually wide variety of locations, including the US. The targeted sectors include government, finance, energy, food, healthcare, education, IT, and legal institutions. It is believed a third party sells the offensive ...
A new e-commerce skimmer, discovered by a researcher who goes by the Twitter handle Affable Kraut, uses a new technique to steal customer payment card data. In these Magecart attacks, the threat actor steals the personal information entered into the checkout page to pre-fill a fraudulent PayPal order page. ...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an alert identifying ongoing cyber intrusions by advanced persistent threat (APT) actors targeting US think tanks. Attack vectors range from low-effort capabilities such as spearphishing emails, to more advanced techniques such as the exploitation ...
As with other topics of national and global interest, threat actors are employing vaccine lures to convince potential victims to divulge sensitive or financial information, or open malicious links or attachments included in phishing emails. Several organizations, such as the Better Business Bureau , Food & Drug Administration , ...
‘Tis the Season for Holiday Phishing (Image Source: Security Weekly). The holiday season is here and the NJCCIC has observed several holiday-related phishing campaigns attempting to deliver emails to New Jersey state employees with the intent to install malware or steal users' credentials. Due to the global pandemic, users will likely shop online ...
The COVID-19 pandemic prompted a mass shift to telework among many US businesses, resulting in increased use of web-based email applications. According to recent FBI reporting, cyber criminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. The web-based client’s forwarding rules often do not ...
A threat actor has published a list of exploits for vulnerability CVE-2018-13379, a path traversal flaw that affects unpatched Fortinet FortiOS SSL VPN devices. Exploitation may allow threat actors to steal login credentials. Though this vulnerability is old, researchers assess that there are nearly 50,000 publicly exposed devices still ...
Check Point researchers discovered a new mobile malware, dubbed WAPDropper, with stealthy capabilities of subscribing victims to premium-rate services from legitimate telecommunications providers in Malaysia and Thailand. Although this campaign is limited to Southeast Asian providers, similar schemes may be used in other regions of the world, including the ...
As the holiday shopping season approaches with Black Friday and Cyber Monday, researchers from RiskIQ discovered a new variant of the Grelos skimmer, featuring a loader stage and skimmer stage to steal payment card data from e-commerce websites. The Grelos skimmer, similar to Magecart attacks, overlaps in infrastructure used ...
A new version of Mount Locker ransomware has been identified targeting tax software files. Like other ransomware variants, Mount Locker, first seen in July 2020, threatens to publish stolen data in an additional extortion attempt. The new version searches for and encrypts files with extensions that are typically affiliated ...
Summary The FBI first observed Ragnar Locker ransomware in April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data. Since then, Ragnar Locker has been deployed against an increasing list of ...
Summary Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses. The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified ...
The security of critical infrastructure and Industrial Control Systems (ICS) has increasingly become a concern as cybercriminals aim to exploit and degrade these systems in order to disrupt operations. Four ICS firms warned of vulnerabilities, ranging from critical to high severity. The Real Time Automation bug, tracing back to ...
An active Office 365 credential phishing campaign was observed using several evasion methods in an attempt to bypass sandbox environments. The campaign targets enterprises with lures relevant to teleworkers, such as password updates, video teleconferencing (VTC) invitations, and helpdesk tickets. One of the evasion tactics employed is the use ...
A long-running global campaign was recently observed targeting businesses using the ZeroLogon vulnerability. Identified as CVE-2020-1472 , the vulnerability can be used to spoof domain controller accounts and hijack domains, as well as compromise Active Directory identity services. Currently, targets appear to be organizations that have business ties to ...
Now more than ever, it is becoming increasingly important to take caution before clicking. Criminals are expanding their means for attack, finding different avenues to exploit the unsuspecting user. One of these avenues is by email; while you may think you are receiving an email from a known contact ...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an updated Joint Cybersecurity Advisory relating to Russian state-sponsored advanced persistent threat (APT) activity, which is being provided to assist cybersecurity professionals in guarding against the persistent malicious actions of cyber actors. Joint Cybersecurity ...
Threat actors are targeting Windows systems using a combination of two zero-day vulnerabilities, one affecting Google Chrome (CVE-2020-15999) and the other affecting Windows 7 through 10 (CVE-2020-17087). Successful exploitation of the flaws could allow threat actors to run malicious code inside Chrome and escape its secure container to run ...
Ransomware variants are very often created to affect Windows systems; however, the threat actors behind the RansomEXX variant have ported their strain to create a version that affects Linux systems. As ransomware threat actors continue to target servers on a victim network to increase their impact, developing variants capable ...
Apple has patched three actively exploited iOS zero-day vulnerabilities. CVE-2020-27930 is a remote code execution flaw triggered by a memory corruption issue. CVE-2020-27950 is a memory initialization flaw, which causes a kernel memory leak that may allow malicious applications to gain access to kernel memory. CVE-2020-27932 is a kernel ...
With the holiday season upon us, it is important to maintain awareness of the many threats posed by cybercriminals this time of year...
SaltStack disclosed three new vulnerabilities, two of which are considered critical, affecting Salt versions 3002 and prior. CVE-2020-16846 is a shell injection vulnerability and CVE-2020-25592 is an authentication bypass flaw. These two critical flaws affect any users running the Salt API. CVE-2020-17490, assessed to be low severity, affects any ...
After years of focusing on the Asia-Pacific region, the Roaming Mantis group is now targeting smartphone users in the US for the first time with the Wroba mobile banking trojan, also known as FunkyBot, which can steal information, harvest financial data, and send SMS messages to self-propagate. The threat ...
Zero-day vulnerabilities exist in both Google Chrome for Android and Desktop that are currently being exploited in the wild. The Chrome for Android heap buffer overflow vulnerability ( CVE-2020-16010 ) was patched in a recent update to version 86.0.4240.185. Chrome for desktop vulnerabilities are also being exploited in the ...
Over the past several months, the NJCCIC noted a significant uptick in the number of distributed denial-of-service (DDoS) attacks in which thousands of malware-infected systems are used to flood organizations’ networks, thereby preventing or impairing the authorized use of the targeted networks, systems, or applications. In some instances, these ...
This Joint Cybersecurity Advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA and the FBI are aware of an Iranian advanced persistent threat (APT) actor targeting U.S. state websites — to include election websites.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) coauthored a Joint Cybersecurity Advisory. This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to ...
As Election Day approaches, threat actors continue to intensify attempts to engage in malicious activity that could sow distrust, create unrest, render services unavailable, or gain access to systems and data. Threat actors have historically targeted the elections process by conducting distributed denial-of-service (DDoS) attacks, SQL injection attacks, ...
The National Cyber Security Centre (NCSC) issued a security alert regarding a serious remote code execution (RCE) vulnerability in Microsoft SharePoint. Vulnerability CVE-2020-16952 may allow an attacker to execute arbitrary code remotely, potentially posing a higher risk for multi-tenant environments. A proof of concept has been released for the ...
SonicWall released a security advisory regarding a critical stack-based buffer overflow vulnerability in the VPN Portal of SonicWall’s Network Security Appliance . Vulnerability CVE-2020-5135 may allow a remote attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code by sending a malicious request to the firewall. Affected ...
IBM Security Trusteer researchers discovered a new malware, dubbed Vizom, actively targeting online banking users primarily in Brazil. Although Vizom is seen in South America and Europe, it can also be adapted to target other parts of the world, including the US. Vizom is downloaded via malspam and phishing ...
Multiple threat actors are exploiting vulnerabilities identified last month in MobileIron to target Mobile Device Management (MDM) servers after a proof of concept (POC) was publicly released. Attempted attacks include compromised enterprise servers, company network intrusion, and distributed denial-of-service (DDoS). Additionally, the National Security Agency (NSA) identified the MobileIron ...
Recently, threatening emails were sent to registered Democrats claiming to be sent from the Proud Boys organization, described as a far-right, male-only, chauvinistic organization. The email content included language threatening violence if the recipient does not vote for President Trump in the upcoming election; some of the emails also ...
The threat actors behind Emotet continue to evolve their tactics and themes in their new email phishing campaign. Recently, the trojan has been spreading via malicious Word and Excel document attachments, or via links leading to attachments, delivered with emails referencing an invoice or work-related matter, COVID-19, or the president’s health. ...
Summary The National Security Agency (NSA) Cybersecurity Advisory details 25 vulnerabilities known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors. Since these techniques include the exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts. This NSA Cybersecurity Advisory provides ...
Intel is warning of a high-severity vulnerability affecting the Bluetooth stack in Linux kernel versions prior to 5.9 that support BlueZ, typically found in Linux-based IoT devices. The improper input validation vulnerability, CVE-2020-12351 , could allow an unauthorized user to escalate privileges. Proof-of-concept exploits have been developed against this ...
Microsoft recently patched a remote code execution (RCE) vulnerability in Windows TCP/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. Successful exploitation of the vulnerability – CVE-2020-16898 – could allow a remote threat actor to control an affected system and cause a denial-of-service condition. ...
Proofpoint researchers observed a spear-phishing campaign, “employer21,” targeting teachers. The emails appear to be from parents or guardians attempting to deliver a student’s assignment after issues submitting the assignment the “usual way.” A ZIP attachment accompanies the email and, if opened and macros are enabled, downloads ransomware. Though this ...
While millions of people are unemployed, seek financial assistance, and look for work as a result of the COVID-19 pandemic, threat actors are also trying to cash in. These malicious actors are using fraudulent emails, websites, and robocalls to target the unemployed in order to steal their identities and intercept ...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory regarding recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability - CVE-2020-1472 - in Windows Netlogon. The commonly used ...
The NJCCIC continues to receive reports of ransomware incidents impacting NJ businesses, organizations, and private citizens, resulting in operational disruptions, financial loss, and/or data exfiltration. The US leads as the most targeted country for ransomware. Ransomware can infect and spread as a result of phishing emails, internet-facing vulnerabilities and misconfigurations, ...
A new advanced persistent threat (APT) group, dubbed XDSpy, remained undetected for nearly nine years before it was recently discovered by the ESET research team. The group has been involved in reconnaissance and document-stealing activity against targets in Belarus, Moldova, Russia, Serbia, and Ukraine, though other targets may still ...
Researchers from Malwarebytes Labs discovered a new cyber-attack, dubbed Kraken, which utilizes Windows Error Reporting (WER) to evade detection. The Kraken payload is injected into the WER service WerFault.exe – a service that typically runs when there is an error related to a device’s operating system, feature, or application. ...
Ttint, a newly discovered IoT botnet, has been observed exploiting two critical zero-day vulnerabilities, CVE-2018-14558 and CVE-2020-10987, in an attempt to compromise Tenda routers. The Mirai-based botnet has a wide array of capabilities, which include implementing 12 remote access functions and supporting a total of 22 commands, with ...
Emotet has been identified by the Cybersecurity and Infrastructure Security Agency (CISA) as one of the most prevalent ongoing threats. CISA issued an alert (AA20-280A) after a surge of Emotet activity was detected using their Intrusion Detection System (IDS), EINSTEIN. Since July 2020, CISA has identified roughly 16,000 alerts ...
The substantial increase in remote work and education, use of technology including Virtual Private Network (VPN) connections, and reliance on various online services and resources raises cybersecurity concerns as organizations may be subject to cyberattacks, such as distributed denial-of-service (DDoS) attacks. DDoS attacks can disrupt the availability of networked devices, ...
Over the weekend, the network of Universal Health Services (UHS), one of the largest healthcare providers in the United States, was impacted by an alleged ransomware attack. According to a statement released by UHS, the network is currently offline due to an IT security issue; however, no patient or ...
Web browsers typically accept user-friendly domain names (hxxps://google[.]com) or dotted-decimal IP addresses (hxxps://216.58.199[.]78). Cyber-criminals continue to change tactics and techniques to evade detection with the use of URL obfuscation in a recent spam campaign. They are using hexadecimal IP addresses (hxxps://0[x]D83AC74E) as the URL link in emails to ...
Microsoft revealed that it is actively tracking threat actors exploiting the Zerologon vulnerability ( CVE-2020-1472 ) in Netlogon, the protocol used by Windows systems to authenticate to a domain controller. The vulnerability could be exploited to manipulate Netlogon authentication procedures to impersonate a system on the network, disable Netlogon ...
Multiple vulnerabilities have been discovered in iCloud for Windows and macOS. The most severe of these vulnerabilities could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same ...
Multiple vulnerabilities have been discovered in Microsoft Edge, the most severe of which could allow for arbitrary code execution. Microsoft Edge is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the ...
As National Cybersecurity Awareness Month in October approaches, we continue to raise awareness about cybersecurity and best practices. Phishing remains a common email technique used by cyber-criminals to deceive individuals into disclosing sensitive information, clicking links, or opening attachments. These malicious emails can also be used to steal user login ...
Researchers from New Jersey’s Stevens Institute of Technology, ETH Zurich, and Amsterdam’s Vrije University VUSec Group developed a new side-channel attack technique, dubbed BlindSide, which abuses speculative execution to craft exploits to bypass ASLR (Address Space Layout Randomization). An attack begins with common software vulnerabilities, such as memory corruption ...
DEVCORE researchers discovered three vulnerabilities in MobileIron that, if exploited, could allow threat actors to perform remote code execution (CVE-2020-15505), read arbitrary files (CVE-2020-15507), and remotely bypass authentication (CVE-2020-1506). MobileIron provides organizations with Unified Endpoint Management (UEM), also known as Mobile Device Management ...
Between Friday, September 11 and Monday, September 14, 2020, at least 1,904 Magento e-commerce sites were compromised in the largest known automated Magento hack. The Magecart attacks, in which malicious code is injected into the checkout pages of online stores and payment card data is stolen, were largely conducted ...
Proof-of-concept (POC) code was published to exploit an elevation of privilege vulnerability – CVE-2020-1472 – found in Netlogon, the protocol used for authentication against domain controllers. The vulnerability, dubbed Zerologon, received a severity score of 10 and can be exploited to manipulate Netlogon authentication procedures to impersonate a system ...
The NJCCIC continues to receive incident reports from citizens throughout the state who are impacted by gift card scams. The tactics used in these attempts vary, but include techniques such as purporting to be requests from a boss, claims the funds will be used for charity, and impersonation of a ...
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are issuing a Joint Cybersecurity Advisory based on their awareness of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. Analysis of the threat actor’s indicators of compromise (IOCs) and tactics, ...
Several vulnerabilities were found in Palo Alto PAN-OS, including buffer overflow, reflected cross-site scripting, denial-of-service, and command injection flaws. The most severe vulnerabilities could enable a remote threat actor to execute arbitrary code on the affected application. Recommendations The NJCCIC recommends administrators review the Palo Alto Networks Security Advisory ...
Researchers identified a vulnerability in the Cross-Transport Key Derivation (CTKD), a standard used for pairing and encryption, in devices that support Bluetooth BR/EDR and LE versions 4.0 through 5.0. The vulnerability, dubbed BLURtooth, can be exploited by threat actors to manipulate the CTKD and overwrite Bluetooth authentication keys and ...
Threat actors are actively exploiting a zero-day vulnerability affecting a WordPress plugin. The flaw resides in File Manager, a plugin designed to help WordPress administrators manage files on their websites. Active attacks are executed by deploying a command to upload PHP files containing webshells hidden within an image to ...
Cybercriminal group Evilnum, known to target the financial sector, changed tactics in recent months. The group is employing PyVil, a new Python remote access trojan (RAT), which enables the threat actor to exfiltrate data, log keystrokes, take screenshots, and download additional tools and malware. PyVil is delivered to targets ...
After a return to the cyber threat scene this summer following a months-long hiatus, the threat actors behind the Emotet trojan continue to increase their activity, with a large uptick occurring since the beginning of September. Based on information from the NJCCIC’s email security solution, threat actors are attempting ...
Summary Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for arbitrary code execution. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. ...
Summary Multiple vulnerabilities have been discovered in Cisco Jabber for Windows, the most severe of which could allow for arbitrary code execution. Cisco Jabber provides instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing on any device. Successful exploitation of the most severe of these vulnerabilities could allow ...
Summary A vulnerability has been discovered in the File Manager plugin that could allow for remote code execution. WordPress is a web-based publishing application implemented in PHP, and the File Manager plugin allows site admins to upload, edit, and delete files and folders directly from the WordPress backend without having to ...
Automated teller machine (ATM) companies Diebold and NCR released updates to fix a number of vulnerabilities discovered last year that may have permitted deposit forgery attacks. Deposit forgery flaws, which are considered rare, may be exploited by an attacker who has physical access to an affected ATM by intercepting and modifying messages while depositing funds, artificially increasing the deposited amount, and then withdrawing the excess funds ...
In late 2019, ransomware threat actors began threatening to release data stolen from victim networks if ransom demands were not paid. This tactic is increasingly common , and is consistent with recent incident reports submitted to the NJCCIC. Additionally, several threat actors – Darkside being one of the newest ...
The US Financial Industry Regulatory Authority (FINRA) issued a warning detailing the malicious use of the finnra[.]org domain to impersonate the authority by using an extra "n" in the domain name. The registration form on the spoofed site, if completed and submitted, collects sensitive information and could potentially be ...
Threat actors, claiming to be notorious threat groups APT28 and the Armada Collective, are targeting multiple sectors, such as finance and retail, and threatening organizations with distributed denial-of-service (DDoS) attacks. The extortion attempt begins with a threatening email warning of a future DDoS attack against their organization if a ...
Researchers at Trend Micro detailed a Mac malware, known as XCSSET, that exploits Xcode projects to compromise Safari and other web browsers. The Xcode projects are modified in order to run malicious code as the projects are built, leading to the download of the XCSSET malware. When compromising the ...
Guardicore researchers discovered a new sophisticated peer-to-peer (P2P) botnet dubbed FritzFrog. The malware attempts to brute force and propagate via SSH servers, and is actively targeting education, government, finance, telecommunications, and healthcare sectors with a primary goal of deploying XMRig to mine for the Monero cryptocurrency. FritzFrog successfully breached ...
The NJCCIC observed attempts to deliver malware to NJ state employees consistent with open-source reporting, as well as an increase in incident reports from NJ businesses, organizations, and citizens. These malicious attempts include phishing emails, banking and information stealers, and ransomware, or a combination of these. ...
The Federal Bureau of Investigation (FBI) and National Security Agency (NSA) released a joint cybersecurity advisory for previously undisclosed Russian malware. The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy ...
cPanel and WebHost Manager (WHM) users discovered a phishing campaign claiming to be a security advisory from cPanel to notify them of critical vulnerabilities in their web hosting management panel. The phishing email appears to be authentic, contains the subject line "cPanel Urgent Update Request," and includes a link ...
Malwarebytes Labs discovered a new credit card skimming campaign tied to the Magecart group using homoglyph techniques. This technique leverages fraudulent domain names that appear legitimate due to similar-looking alphabets or characters. Threat actors use several domain names to load the Inter skimming kit inside of a favicon file, ...
Agent Tesla , an advanced remote access trojan (RAT), remains persistent and shows an upward trend as an information stealer and keylogger. The NJCCIC continues to observe multiple campaigns claiming to be shipping notifications, purchase orders, and invoices attempting to steal credentials or download malware. The emails contain PDF ...
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious ...
A vulnerability has been discovered in Zoho ManageEngine ADSelfService Plus, which could allow for remote code execution. ManageEngine ADSelfService Plus is an integrated Active Directory self-service password management and single sign on solution by ZOHO Corporation. Successful exploitation of this vulnerability may allow an unauthenticated attacker to remotely execute ...
Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF format. Adobe Reader is the free ...
Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker ...
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful ...
Multiple vulnerabilities have been discovered in Apache web server, the most severe of which could allow for remote code execution. Apache web server is a piece of software developed by the Apache software foundation as a free open source tool used to host websites. Successful exploitation of the most ...
Mobile devices store and share device geolocation data by design. This data is essential to device communications and provides features—such as mapping applications—that users consider indispensable. Mobile devices determine location through any combination of Global Positioning System (GPS) and wireless signals (e.g., cellular, wireless, or Bluetooth). Location data can ...
Three vulnerabilities have been discovered in WordPress Newsletter, a plugin designed to assist subscribers in building and delivering marketing newsletters and emails. During analysis of the first reported vulnerability, researchers discovered two additional vulnerabilities – an authenticated reflected Cross-Site Scripting (XSS) vulnerability considered medium severity, and a PHP Object ...
An Iranian advanced persistent threat (APT) group, known as APT34 or OilRig, is employing the DNS-over-HTTPS (DoH) protocol via the DNSExfiltrator open-source project in recent attacks. DNSExfiltrator creates covert communication channels and uses traditional and DoH requests to exfiltrate data from compromised networks by hiding it in non-standard protocols. ...
Netwalker is a human-operated Ransomware-as-a-Service (RaaS) operation first observed in mid-2019. The operators behind the ransomware gain 60-70 percent of the ransom payments collected by the RaaS users. According to McAfee , between March 1, 2020 and July 27, 2020, the total amount netted through Netwalker ransoms was $25 ...
In the month of July, threat actors attempted to deliver malicious emails to NJ state employees through various campaigns. Most notably, there was a substantial increase in the amount of emails attempting to deliver Emotet, which the NJCCIC highlighted a few weeks ago and is evident in the comparison ...
The FBI has observed cyber-criminals targeting computer network infrastructure after an operating system achieves end of life status. Continuing to use Windows 7 within an enterprise may provide cyber-criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates ...
Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) published a Malware Analysis Report regarding a malware variant used by Chinese government cyber actors, which is known as TAIDOOR. The FBI has high confidence that Chinese government actors ...
Cisco released advisories detailing critical vulnerabilities in two of their products. One is a vulnerability affecting Cisco Data Center Network Manager (DCNM) that could allow any internet user to bypass the web interface login and perform actions as an administrator of that device. The vulnerability, CVE-2020-3382 , is found in ...
Researchers from Trend Micro discovered a password-protected webshell, dubbed Ensiko, that targets multiple platforms, including Windows, macOS, Linux, and any other platform with PHP installed. Ensiko exploits web application vulnerabilities or gains access to an already-compromised web server, and then remotely controls the system and encrypts files using the ...
The way organizations conduct business and how users access corporate networks, resources, and data have changed significantly with the dramatic increase in the remote workforce this year, leaving people, processes, and technology more exposed. Organizations depend on secure and reputable business productivity suites, such as Microsoft Office 365, to work ...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the ...
As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors. Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a U.S. ...
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing Alert ( AA20-206A ) in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902 . F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020. Unpatched F5 BIG-IP devices are an ...
On July 23, 2020, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released Activity Alert AA20-205A , which highlights the recent offensive malicious cyber activity perpetrated against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets. Due to the increase in adversary capabilities and ...
A vulnerability, CVE-2020-1147 , was found in two .NET components used to manage data sets in Microsoft SharePoint, .NET Framework, and Visual Studio. A threat actor could exploit this vulnerability by uploading a specially-crafted document to a server using an affected product. This could allow arbitrary code to ...