Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of April 29, 2024

Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent user into handing over their high-value credentials. (Dark Reading)

 

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS) said Monday. (The Hacker News)

 

Okta Warns of “Unprecedented” Credential Stuffing Attacks on Customers

Threat actors use credential stuffing to compromise user accounts by trying out in an automated manner lists of usernames and passwords typically purchased from cyber criminals. (Bleeping Computer)

 

ArcaneDoor – New Espionage-Focused Campaign Found Targeting Perimeter Network Devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. (Cisco Talos)

 

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. (The Hacker News)

 

Ring Agrees To Pay $5.6 Million After Cameras Were Used To Spy on Customers

Amazon’s Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers’ private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. (Malwarebytes)

 

Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign

A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall. (Dark Reading)

 

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. (The Hacker News)

 

GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. (The Hacker News)

Sign Up For Network Security News
Articles of interest from the week of January 1, 2024

Articles of interest from the week of January 1, 2024

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining Poorly secured Linux SSH servers are being targeted by bad actors to...

Read More
Articles of interest from the week of May 22, 2023

Articles of interest from the week of May 22, 2023

Inactive Accounts Pose Significant Account Takeover Security Risks Inactive and non-maintained accounts pose significant security risks to users and...

Read More
Articles of interest from the week of July 8, 2024

Articles of interest from the week of July 8, 2024

China ‘Actively’ Targeting US Industrial Base, Warns CYBERCOM Chief “The People's Republic of China’s efforts to steal intellectual property, gain...

Read More