Recent Security News

  • Rapid7 throws JetBrains under the bus for ‘uncoordinated vulnerability disclosure’

    March 5, 2024 at 08:19AM Rapid7 accused JetBrains of silently patching two critical vulnerabilities in the TeamCity CI/CD server, despite Rapid7’s policy against such actions. JetBrains’ attempt to release patches before publicly disclosing was met with Rapid7’s refusal. JetBrains later released patches without informing researchers, leading to criticism from the infosec community. From the meeting…


  • GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia

    March 5, 2024 at 08:15AM Cybercriminals are conducting widespread attacks across the Middle East, Africa, and Asia using the new GhostLocker 2.0 ransomware. Affected organizations include technology companies, universities, manufacturing, transportation, and government organizations. The attackers demand payment for decryption keys and threaten to release stolen data if their demands are not met. Cisco Talos…


  • American Express Discloses Data Breach

    March 5, 2024 at 08:06AM American Express informs customers of a data breach at a third-party services provider, affecting some card members’ account information. Compromised data includes names, card account numbers, and expiration dates. The company is monitoring for fraud and advises impacted individuals on protecting their information. It is unclear how many people were…


  • Critical Vulnerability Exposes TeamCity Servers to Takeover

    March 5, 2024 at 07:06AM JetBrains has released patches for critical authentication bypass vulnerabilities in its TeamCity build management server. Tracked as CVE-2024-27198 and CVE-2024-27199, these flaws allow unauthenticated attackers to gain full control of the server, execute arbitrary code, and access sensitive information. A security fix is available in TeamCity version 2023.11.4. Customers are…


  • Zeek Security Tool Vulnerabilities Allow ICS Network Hacking

    March 5, 2024 at 07:06AM A recent US CISA advisory disclosed critical and high-severity vulnerabilities in the Zeek network security monitoring tool’s EtherCAT plugin, impacting ICS environments. The vulnerabilities, tracked as CVE-2023-7244, CVE-2023-7243, and CVE-2023-7242, could allow threat actors to execute attacks. The researcher, Cameron Whitehead, identified these vulnerabilities, impacting over 10,000 Zeek deployments globally.…
