John Frasier : Oct 23, 2023 12:00:00 AM
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's tactics, techniques, and procedures (TTPs). (The Hacker News)
“The barrier for new and emerging threat actors to cross to become proficient or even moderately capable has diminished significantly. While their techniques and capabilities are limited, they are much more focused on smash-and-grab techniques to exploit vulnerabilities and deploy their ransomware. While this type of activity is increasing, the vast majority of incidents are due to larger, more sophisticated groups exploiting unmanaged devices and applications within corporate networks as well as capitalizing on living-off-the-land techniques to further mask the threat actor’s presence in the environment. That being said, maintaining a proper and concise inventory of devices and applications that are approved and ensuring proper patching is paramount to limit the potential of compromise.” – Craig Flynn, SOC Analyst Lead at Ingalls Information Security
CVE-2023-38831 was patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. (Help Net Security)
Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse. Almost half of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, which are registered by third parties. That's according to the 2023 Domain Security Report from CSC, which revealed that cybercriminals are exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. This is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who discovered that .AI domains using their brands were misappropriated by third parties, according to the research. (CSO)
Eight newly discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM) — including three deemed to be of critical severity — could open the door for attackers to gain the highest levels of privilege in any unpatched systems. (Dark Reading)
On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack. (HACKREAD)
The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. (The Hacker News)
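To hunt for the hexadecimal IP notation mentioned in the ShellBot item, a defender can scan command or proxy logs for URLs whose host is a single hex integer and decode it to dotted-quad form for comparison with blocklists. The Python below is an added example, not code from the cited article; it assumes the hex address appears as the host of a download URL, and the log lines and the 192.0.2.1 documentation address are constructed.

```python
import ipaddress
import re

# A URL whose host is one hexadecimal integer (0x + 1-8 hex digits) rather than
# a dotted-quad or a name. The lookahead stops names such as 0xdeadbeef.example.com
# from matching, because the host must end right after the hex digits.
HEX_HOST_URL = re.compile(
    r"\b(?:https?|ftp)://(0[xX][0-9a-fA-F]{1,8})(?=[:/\s'\"]|$)"
)


def decode_hex_host(host: str) -> str:
    """Convert a single-integer hex host such as 0xC0000201 to dotted-quad."""
    return str(ipaddress.IPv4Address(int(host, 16)))


def find_hex_ip_urls(lines):
    """Return (line_number, hex_host, dotted_quad) for each hex-encoded URL host."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in HEX_HOST_URL.finditer(line):
            hex_host = match.group(1)
            hits.append((number, hex_host, decode_hex_host(hex_host)))
    return hits


# Constructed sample lines in a simplified, made-up log format.
SAMPLE_LOG = [
    "2023-10-20T03:11:02Z host1 sshd: Accepted password for admin from 198.51.100.7",
    "2023-10-20T03:11:09Z host1 cmd: curl -O http://0xC0000201/file",
    "2023-10-20T03:12:40Z host1 cmd: wget http://192.0.2.1/index.html",
    "2023-10-20T03:13:05Z host1 cmd: curl http://0xdeadbeef.example.com/",
]

if __name__ == "__main__":
    for number, hex_host, dotted in find_hex_ip_urls(SAMPLE_LOG):
        print(f"line {number}: host {hex_host} decodes to {dotted}")
```

Decoding before matching matters because signatures and blocklists written against dotted-quad addresses will not match the hex form of the same address.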