Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of August 5, 2024

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, as well as others. (The Hacker News)

NSN Email Template v4_Expert-Take
 

“A critical vulnerability was recently uncovered in Proofpoint's email routing settings that was leveraged in a phishing campaign called "EchoSpoofing." This vulnerability enabled attackers to send millions of spoofed emails that seemed to originate from reputable brands like Disney, IBM, and Coca-Cola, utilizing Proofpoint's email relays and Virtual Private Servers. Thankfully, Proofpoint addressed the flaw in March 2024.

This EchoSpoofing incident highlights the critical need for secure email configuration and vigilant monitoring to prevent exploitation by attackers. It also underscores the importance of timely patching, user education, and collaboration with security researchers to mitigate risks and enhance overall email security.

Tadeh Anbarchian, SOC Analyst II at Ingalls Information Security

 

 

CrowdStrike Sued by Shareholders Over Global Outage

CrowdStrike is being sued by its shareholders after a faulty software update by the cybersecurity firm crashed more than eight million computers and caused chaos around the world. (BBC)

 

Ransomware Gang Targets IT Workers With New SharpRhino Malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. (BleepingComputer)

 

DigiCert to Revoke Thousands of Certificates Following DNS Validation Error

DigiCert, a major certificate authority, to revoke thousands of SSL/TLS certificates because of a Domain Control Verification error. This could affect a lot of websites. (Cyber Security News)

 

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. A security services platform said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). (The Hacker News)

 

Switzerland Federal Government Requires Releasing Its Software as Open Source

Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the Atlantic, Switzerland has taken a major step forward with its "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG). This groundbreaking legislation mandates releasing open-source software (OSS) of the Federal government. (ZDNet)

 

Microsoft’s Windows Hello for Business Flaw Let Attackers Bypass Authentication

A recently discovered vulnerability in Microsoft’s Windows Hello for Business (WHfB) authentication system allowed attackers to bypass the supposedly phishing-resistant login method, raising concerns about the security of this widely adopted passwordless solution. (Cyber Security News)

 

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. (The Hacker News)

 

GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code

GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garnered particular attention due to its potential to allow attackers to execute arbitrary code, (Cyber Security News)

 

TracFone Will Pay $16 Million to Settle FCC Data Breach Investigation

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface  (API) security. (Malwarebytes Labs)

 

Sign Up For Network Security News
Articles of interest from the week of December 2, 2024

Articles of interest from the week of December 2, 2024

Phishing Emails Increasingly Use SVG Attachments To Evade Detection Phishing attacks are becoming increasingly deceptive as cybercriminals exploit...

Read More

Articles of interest from the week of August 26, 2019

IRS Issues Warning on New Email Phishing Scam A new email phishing scam involving false claims about electronically filed tax returns was reported...

Read More
Articles of interest from the week of October 28, 2024

Articles of interest from the week of October 28, 2024

Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks The BlackBasta ransomware operation has moved its social engineering...

Read More