The last day to apply for a NJOHSP spring 2025 in-person paid internship program is November 14. The internship runs from January 21, 2025, through April 11, 2025, and is offered to undergraduate and graduate college students who are interested in applying to one of three NJOHSP Divisions – Intelligence and Operations (Hamilton Office), Preparedness (Hamilton Office), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) (Hamilton, West Trenton, or Newark) and the Communications Bureau (Hamilton Office). The program, also offered during the summer and fall, helps interns develop and apply their educational training to a real-world setting as they explore various NJOHSP career paths. Applicants may select the Communications Bureau or Division of their interest. Hours of work are Monday through Friday within the business hours of 8 a.m. to 5 p.m. Interns are limited to no more than 21 hours per week. For more information and to apply, visit NJOHSP’s careers web page.

Federal officials charged Farhad Shakeri, 51, of Iran; Carlisle Rivera, also known as “Pop,” 49, of Brooklyn, New York; and Jonathon Loadholt, 36, of Staten Island, New York, on November 8 in connection with their alleged involvement in a plot to murder a U.S. citizen of Iranian origin in New York. Federal authorities arrested Rivera and Loadholt in New York on November 7. The third subject, Shakeri, remains at large and is believed to reside in Iran. U.S. Attorney General Merrick Garland said that “the Justice Department has charged an asset of the Iranian regime who was tasked by the regime to direct a network of criminal associates to further Iran’s assassination plots against its targets, including President-elect Donald Trump.” Other targets allegedly included an American journalist, who was critical of the regime.

Analyst Comment: Iran has long attempted to target political opponents, dissidents, journalists, and others living abroad through transnational repression to silence their activities and coerce compliance. These arrests highlight another attempt by the regime to further their goals and attempt to disrupt American sovereignty.

LastPass Password Manager warned customers about a new social engineering campaign in which threat actors are leaving five-star reviews, posing as support on the LastPass extension review page on Google Chrome. In these reviews, they provide customers with a phone number to contact for help resolving potential issues.

If contacted, users connect with someone claiming to support LastPass. They ask the user about their support issue, how they access LastPass, and which operating system they use. Once they gather the basic information, the threat actors direct their target to dghelp[.]top to enter a code to download a ConnectWise ScreenConnect agent, which gives the threat actors access to the target’s computer. While the user is still engaged with the call, the scammer can install other malicious infostealing software.

Researchers have found the phony support phone number 805-206-2892 associated with this scam to be linked to a larger campaign involving several other companies, including Adobe, Amazon, Capital One, Netflix, and Verizon. In some instances, the fake support number has not been limited to Chrome extension reviews and has been posted on other sites, including brand forums and Reddit.

While this campaign has primarily affected Google Chrome users, researchers have recently identified a scam targeting users through Microsoft Bing’s search engine. Users searching for “Keybank login” will yield a malicious copycat page as the top result. This credential harvesting scam appears to abuse Bing’s search algorithm to appear above the official website in the search engine result pages.

The application period for the U.S. Department of Homeland Security Nonprofit Security Grant Program - National Security Supplemental (NSGP-NSS) opens today, November 13, and closes December 22, 2024, at 11:59 p.m.  The online application is available on NJOHSP’s NSGP dedicated web page - Federal Nonprofit Security Grant Program (NSGP). In anticipation of this open application process, nonprofit organizations should obtain a Unique Entity Identifier (UEI) through the federal government’s website sam.gov. The UEI assists the federal government in tracking the disbursement of grant funding and contracts. Potential applicants should also ensure vulnerability risk assessments contain the most current risk landscape affecting the organization.