Skip to the main content.
Under Attack? Login
Under Attack? Login
Managed Extended Detection & Response
Layered cybersecurity controls for effective risk management and rapid response.

24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management

Book MXDR Demo

Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Resources

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Company

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

1 min read

Articles of interest from the week of August 14, 2023

Picture of John Frasier John Frasier Aug 17, 2023 11:14:54 AM

Network Security News Weekly

New PaperCut Critical Bug Exposes Unpatched Servers to RCE Attacks

PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers.

Tracked as CVE-2023-39143, the flaw results from a chain of two path traversal weaknesses discovered by Horizon3 security researchers that enable threat actors to read, delete, and upload arbitrary files on compromised systems following low-complexity attacks that don't require user interaction. (BleepingComputer)

NSN Email Template v4_Expert-Take
 

"Comprehending the capabilities and features of diverse software and products before deployment is now more critical than ever. While specific features can enhance usability and functionality, understanding the mechanics of these integrations and configuring them properly, or disabling them altogether if unnecessary, can assist in mitigating vulnerabilities such as this.

Craig Flynn, SOC Analyst Lead at Ingalls Information Security
 

 

Takeovers of MFA-Protected Accounts Increase, As Microsoft 365 Phishing Campaign Shows

The new phishing campaign targets business executives and uses EvilProxy to defeat multifactor authentication. (CSO)

 

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. recently issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. (Krebs on Security)

 

Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. (The Hacker News)

 

Whirlpool Malware Rips Open Old Barracuda Wounds

CISA has found yet another backdoor malware variant in compromised Barracuda systems with zero-day ESG vulnerability. Advanced persistent threat (APT) attacks targeting a former zero-day remote command injection vulnerability in Barracuda email security gateway (ESG) appliances have been detected by the US cybersecurity and infrastructure security agency. (CSO)

 
Sign Up For Network Security News