John Frasier : May 30, 2024 8:43:35 AM
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.
ShrinkLocker, so named because it creates the boot volume by shrinking available non-boot partitions, has been used to target a government entity and companies in the vaccine and manufacturing sectors. (BleepingComputer)
“ShrinkLocker brings new tricks, but if ransomware is the digital AK-47, then this is just a new barrel on an old rifle. Key takeaway? Securely store your BitLocker recovery keys. Also, preventing the deployment methods of ShrinkLocker is crucial to avoid the disaster this tool can unleash on your network.” – Jason Ingalls, Founder at Ingalls Information Security
Google recently rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser, the fourth zero-day to be patched in two weeks.
Tracked as CVE-2024-5274, the high-severity flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine. (SecurityWeek)
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections.
Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. (The Hacker News)
A banking Trojan impacting Google Android devices, dubbed "Antidot" by the Cyble research team, has emerged, disguising itself as a Google Play update. (Dark Reading)
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. (Krebs on Security)
A ransomware operation is targeting Windows system administrators with Google ads that promote fake download sites for PuTTY and WinSCP.
WinSCP and PuTTY are popular Windows utilities: WinSCP is an SFTP and FTP client, and PuTTY is an SSH client. (BleepingComputer)
Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms.
The service, Fluent Bit, is an open-source tool for collecting, processing, and forwarding logs and other types of application data. It's one of the more popular pieces of software out there, with more than 3 billion downloads as of 2022, and a new 10 million or so deployments with each passing day. It's used by major organizations such as VMware, Cisco, Adobe, Walmart, and LinkedIn, and nearly every major cloud service provider, including AWS, Microsoft, and Google Cloud. (Dark Reading)
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government, and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. (CSO)
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. (BleepingComputer)