John Frasier: Feb 5, 2024
AnyDesk confirmed last week that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. It has been reported that source code and private code signing keys were stolen during the attack. (The Hacker News)
“AnyDesk is a very popular and legitimate RMM tool that is commonly used by threat actors to establish persistence and perform nefarious activity. It should be concerning that credentials were obtained maliciously in that it poses a significant risk for entities that utilize AnyDesk on a daily basis. Using pre-existing AnyDesk instances creates less noise on a victim’s network and allows threat actors to covertly perform activities that may go unnoticed. In these situations, it is critical to follow the published recommendations such as performing updates/upgrades and forcing a password reset, as well as enforcing MFA for all users.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security
The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered. (Cybernews)
A finance employee at an unnamed major multinational corporation has been fooled into transferring 200 million Hong Kong dollars (around $25.6 million) to scammers using deepfake technology to impersonate his colleagues. The AI-created simulacra of the man's fellow workers included a deepfake of the company's Chief Financial Officer (CFO), and Hong Kong police say the scam took place via a video conference call (as reported by CNN). (PC Gamer)
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. (The Hacker News)
The cybersecurity researchers at Huntress have issued a warning about a recent surge in cyber attacks, highlighting a new strategy employed by cybercriminals who are exploiting TeamViewer to deploy LockBit ransomware. (Hackread)
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. Researchers say in a report that the new malware “has only been used in a limited fashion” and it was a ransomware affiliate’s fallback when defense mechanisms blocked LockBit. (BleepingComputer)
Cisco Unified Communications customers are urged to patch this high-severity vulnerability or mitigate its risk. Cisco fixed a critical flaw this week that affects multiple Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on impacted devices. Medium severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection. (CSO)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. (The Hacker News)
The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director. (TechCrunch)