Articles of interest from the week of October 23, 2023

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's tactics, techniques, and procedures (TTPs). (The Hacker News)

The barrier for new and emerging threat actors to cross to become proficient or even moderately capable has diminished significantly. While their techniques and capabilities are limited, they are much more focused on smash-and-grab techniques to exploit vulnerabilities and deploy their ransomware.

While this type of activity is increasing, the vast majority of incidents are due to larger, more sophisticated groups exploiting unmanaged devices and applications within corporate networks as well as capitalizing on living-off-the-land techniques to further mask the threat actor’s presence in the environment. That being said, maintaining a proper and concise inventory of devices and applications that are approved and ensuring proper patching is paramount to limit the potential of compromise.

Craig Flynn, SOC Analyst Lead at Ingalls Information Security

State-Sponsored APTs Are Leveraging WinRAR Bug

CVE-2023-38831 was patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. (Help Net Security)

Cybercriminals Register .AI Domains of Trusted Brands for Malicious Activity

Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse. Almost half of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, which are registered by third parties. That's according to the 2023 Domain Security Report from CSC, which revealed that cybercriminals are exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. This is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who discovered that .AI domains using their brands were misappropriated by third parties, according to the research. (CSO)

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Eight newly discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM) — including three deemed to be of critical severity — could open the door for attackers to gain the highest levels of privilege in any unpatched systems. (Dark Reading)

1Password Discloses Security Incident Linked to Okta Breach

On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack. (HACKREAD)

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. (The Hacker News)
