Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

1 min read

Articles of interest from the week of June 24, 2024

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

A high-severity security vulnerability (CVE-2024-5806) in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's being actively exploited in the wild just hours after it was made public. (Dark Reading)

NSN Email Template v4_Expert-Take
 

It's no surprise to see threat actors moving quickly to exploit new vulnerabilities in the MOVEit Transfer software, given how successful the Russian-backed Cl0p ransomware group was last year. However, it is important to note that the instances being observed in the wild at this moment are within honeypots monitored by organizations such as the non-profit Shadowserver Foundation. Honeypot activity does not always correlate with real-world production environments, as these attacks may be coming from the cybersecurity community itself to identify potentially vulnerable systems. Thankfully Progress Software has already provided a new version and urges its customers to upgrade to the latest patched version immediately. The main takeaway for organizations is to stay vigilant about news and updates from their vendors and deploy patches immediately in case of severe vulnerabilities. However, organizations should also ensure that they adhere to their patch management policy, considering risk tolerance and the potential business impact of a successful exploitation.

Tadeh Anbarchian, SOC Analyst at Ingalls Information Security

 

 

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability, tracked as CVE-2024-30103 (CVSS score of 8.8), leading to remote code execution. (SecurityWeek)

 

Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack

CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US. (Dark Reading)

 

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. (The Hacker News)

 

New BadSpace Backdoor Deployed in Drive-By Attacks

The BadSpace backdoor is being distributed via drive-by attacks involving infected WordPress websites and JavaScript downloaders, (SecurityWeek)

 

Phone Scammers Impersonating CISA Employees

The US cybersecurity agency CISA has warned the public that phone scammers are impersonating its employees. The agency has reminded people that it will never contact anyone to request money, cryptocurrency, or gift cards. (CISA)

 

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. (The Hacker News)

Sign Up For Network Security News
Articles of interest from the week of August 28, 2023

Articles of interest from the week of August 28, 2023

New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...

Read More
Articles of interest from the week of September 25, 2023

Articles of interest from the week of September 25, 2023

TikTok Fined 345 Million Euros Over Handling of Children’s Data in Europe TikTok has been fined 345 million euros ($370 million) for breaching...

Read More
Articles of interest from the week of May 13, 2024

Articles of interest from the week of May 13, 2024

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT The financially motivated threat actor known as FIN7 has been observed...

Read More