Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of April 1, 2024

AT&T Notifies Users of Data Breach and Resets Millions of Passcodes

The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders. (The Associated Press)

NSN Email Template v4_Expert-Take
 

“This breach notification from AT&T is concerning since the data appears to be from 2019 or earlier and included Social Security numbers, passcodes as well as possibly other sensitive data.  While AT&T should be reaching out to customers, this data has been and will be in the wild for some time. A proactive approach to review your credit history along with any accounts that may have shared passcodes is recommended. This is an example of why using Identity monitoring services and reviewing your Credit history at least annually is imperative to protect your identity and financial reputation.

Brad Schrack, CISSP, Sr. Information Security Analyst at Ingalls Information Security

 

 

US Congress Restricts Staff From Using Microsoft’s Copilot: Here’s Why

The US House of Representatives has prohibited its staff members from using Microsoft's AI-driven chatbot, Copilot, according to a report by Axios. The ban was announced by the House's Chief Administrative Officer, Catherine Szpindor, who declared that Microsoft Copilot is "unauthorized for House use." (NewsBytes)

 

Cloud Email Filtering Bypass Attack Works 80% of the Time

Computer scientists have uncovered a shockingly prevalent misconfiguration in popular enterprise cloud-based email spam filtering services, along with an exploit for taking advantage of it. The findings reveal that organizations are far more open to email-borne cyber threats than they know. (Dark Reading)

 

Beware! Backdoor Found in XZ Utilities Used by Many Linux Distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. (Help Net Security)

 

New MFA-Bypassing Phishing Kit Targets Microsoft 365, Gmail Accounts

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. (BleepingComputer)

 

Facebook Snooped on Users’ Snapchat Traffic in Secret Project, Documents Reveal

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo. (TechCrunch)

 

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. (The Hacker News)

 

AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine

SentinelLabs has discovered the emergence of a new embedded wiper variant known as "AcidPour," a malicious software linked to the "AcidRain" threat, which has surfaced in Ukraine. (SentinelLabs)

 

Microsoft Confirms Windows Server Issue Behind Domain Controller Crashes

With the help of Interpol's cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. (BleepingComputer)

Sign Up For Network Security News
Articles of interest from the week of August 28, 2023

Articles of interest from the week of August 28, 2023

New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...

Read More
Articles of interest from the week of February 5, 2024

Articles of interest from the week of February 5, 2024

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset AnyDesk confirmed last week that it suffered a recent cyberattack that...

Read More
Articles of interest from the week of November 6, 2023

Articles of interest from the week of November 6, 2023

Copilot Is Ready for Takeoff: Microsoft Rolls Out Artificial Intelligence for Windows AI is coming to desktops everywhere -- is your security team...

Read More