John Frasier : Apr 24, 2023 12:00:00 AM
Attackers are exploiting severe vulnerabilities in the widely used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
The software's developer claims it's used by more than 100 million users from over 70,000 companies worldwide.
The two security flaws (tracked as CVE-2023-27350 and CVE-2023-27351) allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction. (BleepingComputer)
“When implementing scripting capabilities into an application or service, especially one that has the option to be web-exposed, security needs to be a higher priority. It is always important to consider what bad actors may do or how they may abuse a service or application. Innately, we develop and build things with good intentions, however, in order to protect the good people from the bad, it is sometimes crucial to shape our perspective as if we were the bad guys. This perspective shift could help us be more proactive in preventing these types of vulnerabilities, instead of always having to react to them.” – Sean Scully, CTI Threat Hunter at Ingalls Information Security
The mass compromise of the VoIP firm's customers is the first confirmed incident where one software supply chain attack enabled another, researchers say. (WIRED)
Threat actors use a new hacking tool dubbed AuKill to disable Endpoint Detection & Response (EDR) Software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.
In such attacks, malicious actors drop legitimate drivers signed with a valid certificate and capable of running with kernel privileges on the victims' devices to disable security solutions and take over the system. (BleepingComputer)
A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse situations to give them a proactive edge. (Help Net Security)
Security researchers discovered a new version of the LockBit ransomware which targets Apple's Mac computers for the first time.
As 9To5Mac reports, until now the LockBit ransomware has focused on infecting Windows and Linux machines, but a new build named "locker_Apple_M1_64" suggests macOS infections are imminent. According to MalwareHunterTeam, which discovered the new build, there are versions of the ransomware for PowerPC Macs, too. (PC Magazine)