John Frasier : Feb 19, 2024 12:00:00 AM
Microsoft recently acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. (The Hacker News)
“Advanced Persistent Threat (APT) groups continue in their efforts to target vulnerabilities inherent in the on-premises Microsoft Exchange ecosystem. Although on-premises servers afford greater flexibility and control, transitioning to Office 365 offers numerous advantages. Office 365 provides secure authentication across all services, comprehensive threat intelligence, reduced dependency on manual intervention, seamlessly scalable cloud security infrastructure, and a continuous stream of innovative features. Despite these benefits, many large organizations with well-established IT teams may still favor the control offered by on-premises Exchange Servers. For such organizations, implementing a robust and proactive patch management policy is imperative to mitigate the risks posed by Microsoft Exchange Zero-Day Exploits.” – Kenny Buller, Senior SOC Analyst/Tier III at Ingalls Information Security
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. (The Hacker News)
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. The problem arises from the utility's ability to suggest snap packages for installation when they are missing without a validation mechanism to ensure that packages are authentic and safe. (BleepingComputer)
Chipmakers AMD and Intel on Tuesday announced patches for a total of over 100 vulnerabilities, including 21 high-severity bugs leading to privilege escalation, code execution, or denial-of-service (DoS). (SecurityWeek)
Vulnerabilities were reported on February 13, 2024, through the ConnectWise vulnerability disclosure channel via the ConnectWise Trust Center. There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks. (ConnectWise)
Threat actors continue to hammer the five security vulnerabilities that have been recently disclosed in Ivanti VPN appliances. This week, researchers said attackers are injecting a never-before-seen backdoor for persistent remote access within target networks — so far compromising 670+ IT infrastructures in a mass-exploitation campaign. (Dark Reading)
The support website for networking equipment vendor Juniper Networks was recently exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts, and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. (KrebsOnSecurity)
International law enforcement agencies have arrested two members of the notorious ransomware gang LockBit and seized the group's web infrastructure as part of a wide-reaching takedown operation, officials said Monday. (Axios)
Lurie Children’s Hospital confirmed recently its network had been accessed by a “known criminal threat actor,” more than a week after the Chicago-based provider was forced to take its computer systems offline. (Cybersecurity Dive)