BLOG

Unpaid Road Toll SMiShing Scams Resurface

In April 2024, the NJCCIC reported an uptick in unpaid road toll SMiShing scams. Similar SMiShing scams have resurfaced, as threat actors are impersonating multiple road toll agencies nationwide to target New Jersey residents to collect personal and financial information. Threat actors also target residents in other states, including Massachusetts, Connecticut, California, Maryland, Virginia, and …
Thu, 16 Jan 2025 20:18:31 +0000

FunkSec RaaS Dominates the Ransomware Landscape in December

An emerging ransomware-as-a-service (RaaS) called FunkSec claimed over 80 victims in December alone, making it the most prolific threat actor that month. FunkSec uses recycled datasets from previous hacks and is likely made up of inexperienced hackers seeking recognition. The group typically demanded modest ransoms as low as $10,000 and was observed selling the stolen …
Thu, 16 Jan 2025 20:17:27 +0000

Fasthttp Abused to Compromise Microsoft 365 Accounts

Analysts discovered threat actors leveraging the Fasthttp Go library to gain unauthorized access to Microsoft 365 accounts through high-speed brute-force login attempts and MFA fatigue as recently as January 6. Fasthttp is a high-performance HTTP server and client library designed for more efficient HTTP request handling, resulting in lower latency under high load. These attacks …
Thu, 16 Jan 2025 20:15:11 +0000

Have HIPAA DATA

Read this SUMMARY: The Department of Health and Human Services (HHS or “Department”) is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (“Security Rule”) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the …
Wed, 15 Jan 2025 13:18:07 +0000

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines. FortiProxy is a secure …
Wed, 15 Jan 2025 13:13:33 +0000

Comment Period Extended: Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration Cybersecurity White Paper

The National Cybersecurity Center of Excellence (NCCoE) has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The public comment period for this draft has been extended until 11:59 p.m. EST on January 21, 2025. All comments that are received will …
Tue, 14 Jan 2025 21:38:17 +0000

Comment Period on Draft Enhanced Security Requirements for Protecting Controlled Unclassified Information Extended until 1/17/25

NIST extends the public comment period on the initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) until January 17, 2025. NIST strongly encourages you to use the comment template and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI …
Tue, 14 Jan 2025 21:36:46 +0000

Cybersecurity Clinics: Educating the Next Generation of Cybersecurity Leaders While Safeguarding Small Businesses

Colleges and universities have long been a valuable resource for small businesses in their communities. Examples of support and outreach include running start-up incubators and accelerators, hosting small business development centers, providing a source of interns and entry-level workforce members, hosting legal and medical clinics, and much more. Recently, higher education, with support from industry …
Tue, 14 Jan 2025 21:35:31 +0000

New Year, New Round of Sextortion Scams

The NJCCIC received incident reports indicating that the well-known sextortion email scam is again circulating. Some reports noted that the threatening message was included in a PDF attachment named after the target rather than in the body of the email. The targeted individual’s phone number and home address are included in the bolded first line …
Tue, 14 Jan 2025 21:34:08 +0000

Compromised Browser Extensions

Browser extensions frequently grant extensive permissions to sensitive user information, including identity information, cookies, browsing history and data, passwords, web page content, text input, and audio/video capture. Unfortunately, many organizations may not know what extensions are installed on their systems, the permissions granted, or the vulnerabilities or attack vectors associated with the extensions, such as …
Tue, 14 Jan 2025 21:31:34 +0000