JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

March 28, 2024 at 01:29PM Users of JetBrains TeamCity are advised to upgrade to the latest version due to the release of 26 security fixes. However, JetBrains has not revealed specific details about the vulnerabilities, opting for extreme caution following past disclosure drama. The new version also introduces a semi-automatic upgrade feature for on-premises users, … Read more

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware … Read more

It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files

March 21, 2024 at 01:39AM The Kimsuky cyber crime gang, also known as Black Banshee, Thallium and APT 43, is employing new tactics in its operations, particularly targeting South Korea. Rapid7 suspects its approach involves distributing malicious files, including CHM, ISO, VHD, ZIP, and RAR, and utilizing innovative techniques to execute arbitrary commands and harvest … Read more

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

March 12, 2024 at 12:34PM JetBrains and Rapid7 are embroiled in a public dispute over a software vulnerability disclosure. Following Rapid7’s detailed disclosure of vulnerabilities in TeamCity, JetBrains accused them of unethical actions which led to ransomware attacks. The spat highlights the need for clear disclosure norms in the infosec space to protect customers and … Read more

Recent TeamCity Vulnerability Exploited in Ransomware Attacks

March 11, 2024 at 11:45AM The recent disclosure of a critical TeamCity vulnerability, CVE-2024-27198, led to ransomware attacks after a controversy between Rapid7 and JetBrains. Rapid7 publicly detailed the vulnerabilities to ensure transparency after JetBrains fixed them without informing Rapid7. Threat actors launched attacks soon after disclosure, with some servers compromised and files encrypted. JetBrains blamed Rapid7 for … Read more

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

March 7, 2024 at 06:27AM In March, JetBrains announced patches for two critical vulnerabilities in TeamCity, leading to immediate exploitation attempts due to miscommunication between Rapid7 and JetBrains. Rapid7 disclosed the flaws to prevent silent patching, while JetBrains wanted customers to install patches first. Exploitation attempts were seen from numerous IPs, highlighting the urgency of … Read more

Rapid7 throws JetBrains under the bus for ‘uncoordinated vulnerability disclosure’

March 5, 2024 at 08:19AM Rapid7 accused JetBrains of silently patching two critical vulnerabilities in the TeamCity CI/CD server, despite Rapid7’s policy against such actions. JetBrains’ attempt to release patches before publicly disclosing was met with Rapid7’s refusal. JetBrains later released patches without informing researchers, leading to criticism from the infosec community. From the meeting … Read more

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

January 24, 2024 at 09:24AM A critical vulnerability (CVE-2024-0204, CVSS score 9.8) in Fortra’s GoAnywhere MFT allows an unauthenticated attacker to create an admin user. Patches were released on Dec 7, urging customers to update to version 7.4.1. Horizon3.ai published a technical writeup on the bug’s root cause and PoC code one day after the … Read more

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

January 19, 2024 at 12:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised … Read more

Ransomware attacks now target unpatched WS_FTP servers

October 12, 2023 at 03:16PM Unpatched WS_FTP servers exposed to the internet are being targeted by ransomware attacks. The Reichsadler Cybercrime Group attempted to deploy ransomware on these servers using a stolen LockBit 3.0 builder. While some servers have not been patched, the attempt to encrypt data was unsuccessful, although a $500 ransom demand was … Read more