John Frasier : Jan 15, 2024 12:00:00 AM
The Internal Revenue Service and the Security Summit partners recently alerted tax professionals to watch out for a new round of filing season-related email schemes where cybercriminals pose as potential clients. (IRS)
“Phishing scams pose a heightened threat during tax season, as cybercriminals exploit the urgency and complexity of filing taxes to target unsuspecting taxpayers and tax professionals.” – Hunter Landry, Senior SOC Analyst at Ingalls Information Security
“Professional monitoring and personal vigilance are integral parts of the fabric that makes up safeguarding financial service activities. This warning from the IRS Security Summit is a timely reminder that a proactive approach in developing comprehensive strategies for evolving threats is needed.” – Jessica Owens, Senior SOC Analyst at Ingalls Information Security
Google has pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild. The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. (SecurityWeek)
A critical Microsoft SharePoint server bug that can form part of a remote code execution (RCE) exploit chain has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-29357, is an elevation of privilege vulnerability with a CVSS v3 score of 9.8. It was patched by Microsoft in June last year. (SC Media)
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific API and improper validation of user-supplied data. (The Hacker News)
In December, Wordfence received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view logs, including password reset emails, on WordPress sites that use this plugin. We also received another submission shortly after for an Unauthenticated Stored Cross-Site Scripting vulnerability in the POST SMTP Mailer plugin from another researcher. This vulnerability enables threat actors to inject malicious web scripts into pages. (Wordfence)
Recent posts on the Dark Web introduced a new tool that incorporates Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and Business E-Mail Compromise (BEC). According to an FBI Report, successful business email compromise (BEC) scams (such as invoice fraud) resulted in an average loss of over $120,000 per incident, inflicting a staggering financial toll of more than $2.4 billion on organizations. (Securityaffairs)
Intel, AMD, Zoom, and Splunk have each released security advisories on the first Patch Tuesday of 2024 to inform customers about vulnerabilities found in their products. (SecurityWeek)