this post was submitted on 07 Mar 2024
14 points (93.8% liked)

/c/cybersecurity - Cybersecurity News & Discussion

2111 readers
2 users here now

A community for technical news and discussion of cybersecurity and closely related topics.

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago

This is the best summary I could come up with:


Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.

Brody Nisbet, director of threat hunting operations at security shop CrowdStrike, xeeted on Tuesday that telemetry was already showing signs of attacks using a suspected modified version of Jasmin ransomware.

Jasmin is an open source red teaming tool that mimics WannaCry and is designed to help organizations simulate ransomware attacks, but it has been modified in the past for malicious purposes.

Security misconfiguration search engine LeakIX also said CVE-2024-27198, the most severe of the two vulnerabilities, was being exploited at a mass scale, with attackers breaking into CI/CD servers and creating hundreds of accounts for later use.

Due to the uncoordinated disclosure of the two vulnerabilities between JetBrains and the researchers at Rapid7 who first discovered and reported the issues this week, all the information that was required for an attacker to develop a working exploit was made public on the same day the patches were released.

The long and short of it was that JetBrains told Rapid7 it wanted to release patches to customers and give them time to apply them before publishing details of the vulnerabilities that could lead to the development of exploit code.


The original article contains 696 words, the summary contains 211 words. Saved 70%. I'm a bot and I'm open source!