March 20, 2024 at 07:30AM Multiple threat actors are exploiting security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan. The attacks entail the exploitation of CVE-2024-27198, enabling adversaries to gain administrative control over affected servers. Organizations using TeamCity are urged to update their software … Read more
March 20, 2024 at 03:06AM Critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in TeamCity On-Premises platform allow attackers to gain administrative control. Exploitation includes deploying Jasmin ransomware, XMRig cryptocurrency miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands. Organizations must promptly update affected systems to prevent widespread exploitation. Based on the meeting notes, … Read more
March 11, 2024 at 11:45AM Recent disclosure of a critical TeamCity vulnerability, CVE-2024-27198, led to ransomware attacks after Rapid7 and JetBrains controversy. Rapid7 publicly detailed the vulnerabilities to ensure transparency, after JetBrains fixed them without informing Rapid7. Threat actors launched attacks soon after disclosure, with some servers compromised and files encrypted. JetBrains blamed Rapid7 for … Read more
March 8, 2024 at 02:09AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities catalog due to active exploitation by threat actors. The vulnerability allows for complete server compromise and has been weaponized to deliver ransomware. Users are urged to … Read more
March 5, 2024 at 07:06AM JetBrains has released patches for critical authentication bypass vulnerabilities in its TeamCity build management server. Tracked as CVE-2024-27198 and CVE-2024-27199, these flaws allow unauthenticated attackers to gain full control of the server, execute arbitrary code, and access sensitive information. A security fix is available in TeamCity version 2023.11.4. Customers are … Read more
March 4, 2024 at 05:44PM A critical vulnerability in JetBrains’ TeamCity On-Premises CI/CD solution (CVE-2024-27198) allows remote attackers to gain administrative control. Exploits are available, prompting urgent updates to the latest product version or installation of a security patch. Another vulnerability (CVE-2024-27199) permits unauthorized system settings modification. Administrators must prioritize addressing these issues. Rapid7 discovered … Read more