Unpaid Road Toll SMiShing Scams Resurface
In April 2024, the NJCCIC reported an uptick in unpaid road toll SMiShing scams. Similar SMiShing scams have resurfaced, as threat actors are impersonating multiple road toll agencies nationwide to target New Jersey residents to collect personal and financial information. Threat actors also target residents in other states, including Massachusetts, Connecticut, California, Maryland, Virginia, and …
Thu, 16 Jan 2025 20:18:31 +0000
FunkSec RaaS Dominates the Ransomware Landscape in December
An emerging ransomware-as-a-service (RaaS) called FunkSec claimed over 80 victims in December alone, making it the most prolific threat actor that month. FunkSec uses recycled datasets from previous hacks and is likely made up of inexperienced hackers seeking recognition. The group typically demanded modest ransoms as low as $10,000 and was observed selling the stolen …
Thu, 16 Jan 2025 20:17:27 +0000
Fasthttp Abused to Compromise Microsoft 365 Accounts
Analysts discovered threat actors leveraging the Fasthttp Go library to gain unauthorized access to Microsoft 365 accounts through high-speed brute-force login attempts and MFA fatigue as recently as January 6. Fasthttp is a high-performance HTTP server and client library designed for more efficient HTTP request handling, resulting in lower latency under high load. These attacks …
Thu, 16 Jan 2025 20:15:11 +0000
Have HIPAA DATA
Read this SUMMARY: The Department of Health and Human Services (HHS or “Department”) is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (“Security Rule”) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the …
Wed, 15 Jan 2025 13:18:07 +0000
Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines. FortiProxy is a secure …
Wed, 15 Jan 2025 13:13:33 +0000
Comment Period Extended: Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration Cybersecurity White Paper
The National Cybersecurity Center of Excellence (NCCoE) has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The public comment period for this draft has been extended until 11:59 p.m. EST on January 21, 2025. All comments that are received will …
Tue, 14 Jan 2025 21:38:17 +0000
Comment Period on Draft Enhanced Security Requirements for Protecting Controlled Unclassified Information Extended until 1/17/25
NIST extends the public comment period on the initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) until January 17, 2025. NIST strongly encourages you to use the comment template and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI …
Tue, 14 Jan 2025 21:36:46 +0000
Cybersecurity Clinics: Educating the Next Generation of Cybersecurity Leaders While Safeguarding Small Businesses
Colleges and universities have long been a valuable resource for small businesses in their communities. Examples of support and outreach include running start-up incubators and accelerators, hosting small business development centers, providing a source of interns and entry-level workforce members, hosting legal and medical clinics, and much more. Recently, higher education, with support from industry …
Tue, 14 Jan 2025 21:35:31 +0000
New Year, New Round of Sextortion Scams
The NJCCIC received incident reports indicating that the well-known sextortion email scam is again circulating. Some reports noted that the threatening message was included in a PDF attachment named after the target rather than in the body of the email. The targeted individual’s phone number and home address are included in the bolded first line …
Tue, 14 Jan 2025 21:34:08 +0000
Compromised Browser Extensions
Browser extensions frequently grant extensive permissions to sensitive user information, including identity information, cookies, browsing history and data, passwords, web page content, text input, and audio/video capture. Unfortunately, many organizations may not know what extensions are installed on their systems, the permissions granted, or the vulnerabilities or attack vectors associated with the extensions, such as …
Tue, 14 Jan 2025 21:31:34 +0000