Articles of interest from the week of August 28, 2023
New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
2 min read
John Frasier : Apr 18, 2024 11:50:01 AM
The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders. (The Associated Press)
“This breach notification from AT&T is concerning since the data appears to be from 2019 or earlier and included Social Security numbers, passcodes as well as possibly other sensitive data. While AT&T should be reaching out to customers, this data has been and will be in the wild for some time. A proactive approach to review your credit history along with any accounts that may have shared passcodes is recommended. This is an example of why using Identity monitoring services and reviewing your Credit history at least annually is imperative to protect your identity and financial reputation.” – Brad Schrack, CISSP, Sr. Information Security Analyst at Ingalls Information Security |
The US House of Representatives has prohibited its staff members from using Microsoft's AI-driven chatbot, Copilot, according to a report by Axios. The ban was announced by the House's Chief Administrative Officer, Catherine Szpindor, who declared that Microsoft Copilot is "unauthorized for House use." (NewsBytes)
Computer scientists have uncovered a shockingly prevalent misconfiguration in popular enterprise cloud-based email spam filtering services, along with an exploit for taking advantage of it. The findings reveal that organizations are far more open to email-borne cyber threats than they know. (Dark Reading)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. (Help Net Security)
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. (BleepingComputer)
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo. (TechCrunch)
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. (The Hacker News)
SentinelLabs has discovered the emergence of a new embedded wiper variant known as "AcidPour," a malicious software linked to the "AcidRain" threat, which has surfaced in Ukraine. (SentinelLabs)
With the help of Interpol's cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. (BleepingComputer)
New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset AnyDesk confirmed last week that it suffered a recent cyberattack that...
Copilot Is Ready for Takeoff: Microsoft Rolls Out Artificial Intelligence for Windows AI is coming to desktops everywhere -- is your security team...