Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.


Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.


Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of February 13, 2023

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. 

Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. (The Hacker News)

NSN Email Template v4_Expert-Take

“There have been more than ten zero-day vulnerabilities patched and announced by Apple since the beginning of 2022. The discovery of vulnerabilities like these illustrate the need for patch management as one layer of a multi-layered cybersecurity strategy. Like a stack of Swiss cheese slices, each layer has some holes, but, by recognizing the holes exist, we can ensure sufficient layers are applied and configured so that no holes line up to allow a breach.”

Kris Brochhausen, SOC Deputy Director at Ingalls Information Security


Hacker Develops New ‘Screenshotter’ Malware To Find
High-Value Targets

A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.

The previously unknown cluster of activity was first discovered by Proofpoint in October 2022, with the security firm reporting that it continued into 2023.

The threat actor appears to have financial motivations, performing a preliminary evaluation of breached systems to determine if the target is valuable enough for further intrusion. (BleepingComputer)

United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang

The United States, in coordination with the United Kingdom, is designating seven individuals who are part of the Russia-based cybercrime gang Trickbot. This action represents the very first sanctions of their kind for the U.K. and results from a collaborative partnership between the U.S. Department of the Treasury’s Office of Foreign Assets Control and the U.K.’s Foreign, Commonwealth, and Development Office; National Crime Agency; and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware. (U.S. Department of the Treasury)

Reddit Hacked: Criminals Steal Source Data and Internal Info in Cyberattack

Reddit has confirmed it recently suffered what seems to have been a fairly significant cyberattack that saw attackers make off with sensitive company data. 

In a security notice, Reddit described the incident as a “sophisticated and highly-targeted phishing attack”. (TechRadar)

Clop Ransomware Claims It Breached 130 Orgs Using
GoAnywhere Zero-Day

The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.

The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to Internet access. (BleepingComputer)

Sign Up For Network Security News