Local Municipality Impersonation to Steal Data and Funds The NJCCIC received reports of threat actors impersonating multiple New Jersey local municipalities to steal sensitive data and funds and exploit public trust. Threat actors take advantage of residents who interact with their local municipalities regularly and are more likely to trust communications appearing to be official. [...]
The NJCCIC observed a new adversary-in-the-middle (AiTM) phishing campaign aimed at harvesting credentials. This campaign starts with an email claiming to be from the help desk, with a link provided to reset or retain the current password. Upon clicking the provided link, users are directed to a Loveable.app math-based CAPTCHA, which helps threat actors bypass [...]
The NJCCIC received reports of a phishing scam abusing the legitimate Docusign platform and impersonating a New Jersey organization. In the Docusign envelope email notification, the impersonated organization’s name appears in the sender’s display name and the body of the email, and the sender’s domain name displays the legitimate docusign.net domain. However, the body of the email [...]
The NJCCIC assesses that heightened geopolitical tensions and military confrontation in the Middle East significantly increase the risk of offensive cyber operations by both nation-states and those sympathetic to them and their ideology. While the primary targets of these cyber activities may be the entities in the conflict, the interconnected nature of our global digital [...]
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the [...]
Keeping up with new vulnerabilities can be challenging. To help, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by [...]
If you are still writing your passwords on sticky notes, or using your dog's name, you need to make some time to learn how to create strong passwords to protect your data. Click here for resources and information provided by the National Cyber Security Alliance.
The Cybersecurity & Infrastructure Security Agency (CISA) recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Here are some recommendations to help protect your organization: Reduce the likelihood of a damaging cyber intrusion Validate that all remote access to the organization’s network and privileged or [...]
he Multi-State Information Sharing and Analysis Center has issued another advisory relating to vulnerabilities in Google Android OS that could allow for remote code executition with no additional privileges needed. This includes, phones, smart watches, tablets and other devices. Threat Intelligence: Google indicates limited, targeted exploitation of CVE-2024-43093 and CVE-2024-50302. Systems Affected: Android OS patch [...]
Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, threat actors could then install programs, view, change, or delete data, or create new accounts [...]
© Copyright 2026 | NJ MEL-JIF | All rights reserved
