Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of May 13, 2024

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. (The Hacker News) 

NSN Email Template v4_Expert-Take
 

A well-known threat vector is using malicious Google ads to spoof well-known brands. These attacks often begin with users being lured to fake websites via the said ads, where they are prompted to download a malicious file containing PowerShell scripts that then lead to further malware infections. FIN7, active since 2013 and known for evolving its tactics, has leveraged these malvertising techniques recently to effectively bypass security mechanisms and deliver a range of malware. The abuse of signed MSIX files has prompted Microsoft to disable the protocol handler by default to mitigate such threats, thus impacting future updates and patching, which in turn will create an even larger issue of not being able to add future security measures, potentially leading to issues down the road for organizations.

Andrew Tucker, Tier III SOC Analyst / Junior Cybersecurity Consultant at Ingalls Information Security

 

 

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

Newly discovered vulnerabilities in F5 Networks' BIG-IP Next Central Manager could allow an attacker to gain full control over, and create hidden accounts inside of, any F5-brand assets. (Dark Reading) 

 

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. (Ars Technica)

 

An Insulin Pump Software Bug Has Injured Over 200 People

The US Food and Drug Administration (FDA) has issued a Class I recall for the t:connect mobile app on iOS, which is used to monitor and control the t:slim X2 insulin pump used by people with diabetes. It was supposedly the first smartphone app that can program insulin doses that the FDA had approved. The agency issued the highest level of recall it could, because the app had serious software problems that could've have caused life-threatening conditions or even death. In fact, while there were no mortalities reported, the FDA received 224 injury reports as of April 15. (Engadget)

 

Dell Warns of Data Breach, 49 Million Customers Allegedly Affected

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. (BleepingComputer)

 

How to Future-Proof Windows Networks: Take Action Now on Planned Phaseouts and Changes

Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. (CSO)

 

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.

In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs.
(The Hacker News) 

 

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

The bug was nearly identical to — but not as serious as — "CitrixBleed" (CVE-2023-4966), a critical zero-day vulnerability in the same two technologies that Citrix disclosed last year, according to researchers who discovered and reported the flaw to Citrix in January. (Dark Reading)

Sign Up For Network Security News
Articles of interest from the week of August 28, 2023

Articles of interest from the week of August 28, 2023

New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...

Read More
Articles of interest from the week of July 3, 2023

Articles of interest from the week of July 3, 2023

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari Apple recently released a slew of updates for iOS,...

Read More
Articles of interest from the week of October 9, 2023

Articles of interest from the week of October 9, 2023

U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency...

Read More