Articles of interest from the week of March 13, 2023
Cyberattackers Double Down on Bypassing MFA As companies increasingly require stronger versions of security for their employees and customers,...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
1 min read
John Frasier : Mar 27, 2023 12:00:00 AM
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. (The Hacker News)
“Payoff can be quick when cryptocurrency is the prize, however, it’s possible that any stolen cryptocurrency can be traced. Headlines like these will drive further criminal interest in cryptocurrency system vulnerabilities. Vendors and service providers should leverage the latest in software and device hardening in order to minimize the likelihood of these outcomes.” – Jason Ingalls, Founder & CEO at Ingalls Information Security |
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models.
The issue tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution.
It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. (The Hacker News)
Some of Twitter's proprietary source code had been publicly available on Github for nearly three months, according to information gleaned from a DMCA Takedown request filed on March 24. (Dark Reading)
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products.
Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices. (BleepingComputer)
Over the last several years, endpoints have played a crucial role in cyberattacks. While there are several steps organizations can take to help mitigate endpoint threats – such as knowing what devices are on a network (both on-premises and off-site), quarantining new or returning devices, scanning for threats and vulnerabilities, immediately applying critical patches, etc. – there is still much to be done to ensure endpoint security. (Help Net Security)
Cyberattackers Double Down on Bypassing MFA As companies increasingly require stronger versions of security for their employees and customers,...
1 min read
The Biggest Hacks, Data Breaches of 2020 Cybersecurity may be far from many of our minds this year, and in light of a pandemic and catastrophic...
Europol Details ChatGPT’s Potential for Criminal Abuse With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter...