#CVE202427199

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

March 20, 2024 by Xynik

March 20, 2024 at 03:06AM Critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in TeamCity On-Premises platform allow attackers to gain administrative control. Exploitation includes deploying Jasmin ransomware, XMRig cryptocurrency miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands. Organizations must promptly update affected systems to prevent widespread exploitation. Based on the meeting notes, … Read more

Recent TeamCity Vulnerability Exploited in Ransomware Attacks

March 11, 2024 by Xynik

March 11, 2024 at 11:45AM Recent disclosure of a critical TeamCity vulnerability, CVE-2024-27198, led to ransomware attacks after Rapid7 and JetBrains controversy. Rapid7 publicly detailed the vulnerabilities to ensure transparency, after JetBrains fixed them without informing Rapid7. Threat actors launched attacks soon after disclosure, with some servers compromised and files encrypted. JetBrains blamed Rapid7 for … Read more

Critical Vulnerability Exposes TeamCity Servers to Takeover

March 5, 2024 by Xynik

March 5, 2024 at 07:06AM JetBrains has released patches for critical authentication bypass vulnerabilities in its TeamCity build management server. Tracked as CVE-2024-27198 and CVE-2024-27199, these flaws allow unauthenticated attackers to gain full control of the server, execute arbitrary code, and access sensitive information. A security fix is available in TeamCity version 2023.11.4. Customers are … Read more