Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Articles of interest from the week of August 19, 2024

Critical Security Lapse: National Public Data Published Its Own Passwords, Putting Millions at Risk

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker that shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until Monday. (KrebsOnSecurity)

NSN Email Template v4_Expert-Take
 

“Let us, for the moment, suspend the commentary and get to the important part: Prioritize freezing your credit with Equifax, Experian, and TransUnion as soon as possible.

Not only can it be done in a relatively short time with little effort on your part (seriously, just follow the links above), unfreezing when you actually need it, likewise can be a quick process; When completed online or by phone your request will be fulfilled within one hour of confirmation.

Additionally, you can also freeze your National Consumer Telecom & Utilities Exchange and ChexSystems reports, which will provide an additional layer of protection related to things like utilities and financial accounts not normally tied with the credit bureaus. These are often overlooked but can be invaluable safeguards.

Jessica Owens, Senior SOC Analyst at Ingalls Information Security

 

 

Zero-Click Windows TCP/IP RCE Impacts All Systems With IPv6 Enabled, Patch Now

Microsoft warned customers recently to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. (BleepingComputer)

 

Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

Intel and AMD have each informed customers about dozens of vulnerabilities found and patched in their products. Intel has published 43 new advisories that cover a total of roughly 70 security holes. Nine advisories describe high-severity vulnerabilities. (SecurityWeek)

 

UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns

A United Nations committee has advanced the final draft of a treaty intended to combat cross-border cybercriminal organizations, but opponents warn that it contains few safeguards for human rights and could be used by repressive governments to prosecute journalists, cybersecurity researchers, and protesters. (Dark Reading)

 

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Software giant Microsoft used the spotlight of the Black Hat security conference to document multiple vulnerabilities in OpenVPN and warned that skilled hackers could create exploit chains for remote code execution attacks. (SecurityWeek)

 

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

Phishing is surging. See why and how it’s exploiting current events, like CrowdStrike's BSOD and; the Olympics. (The Hacker News)

 

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous. (SecurityWeek)

 

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. (The Hacker News)

 

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity, (Dark Reading)

 

Channel File 291 Incident: Root Cause Analysis is Available

Read the findings, mitigations, and technical details of the Channel File 291 incident. (CrowdStrike Blog)

 

Sign Up For Network Security News
Articles of interest from the week of October 14, 2024

Articles of interest from the week of October 14, 2024

Chinese Researchers Break RSA Encryption With a Quantum Computer The research team, led by Wang Chao from Shanghai University, found that D-Wave’s...

Read More
Articles of interest from the week of September 11, 2023

Articles of interest from the week of September 11, 2023

Chrome Zero-Day Exploited in the Wild, Patch Now! (CVE-2023-4863) Google has rolled out a security update for a critical Chrome zero-day...

Read More

Articles of interest from the week of October 3, 2022

Microsoft Confirms Two New Exchange Zero-Day Flaws Being Used in the Wild Microsoft officially disclosed it is investigating two zero-day security...

Read More