TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

March 20, 2024 at 03:06AM Critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in the TeamCity On-Premises platform allow attackers to gain administrative control. Exploitation includes deploying Jasmin ransomware, XMRig cryptocurrency miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands. Organizations must promptly update affected systems to prevent widespread exploitation. Based on the meeting notes, …

Recent TeamCity Vulnerability Exploited in Ransomware Attacks

March 11, 2024 at 11:45AM Recent disclosure of a critical TeamCity vulnerability, CVE-2024-27198, led to ransomware attacks after a Rapid7 and JetBrains controversy. Rapid7 publicly detailed the vulnerabilities to ensure transparency, after JetBrains fixed them without informing Rapid7. Threat actors launched attacks soon after disclosure, with some servers compromised and files encrypted. JetBrains blamed Rapid7 for …

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

March 7, 2024 at 06:27AM In March, JetBrains announced patches for two critical vulnerabilities in TeamCity, leading to immediate exploitation attempts due to miscommunication between Rapid7 and JetBrains. Rapid7 disclosed the flaws to prevent silent patching, while JetBrains wanted customers to install patches first. Exploitation attempts were seen from numerous IPs, highlighting the urgency of …

In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware 

December 22, 2023 at 09:12AM SecurityWeek releases a weekly cybersecurity roundup with notable stories. This week includes Ukrainian hackers targeting a Russian water utility, a former security engineer admitting to cryptocurrency exchange hacks, patches from Apple and Adobe, and various vulnerability and fraud reports. Additionally, Google shut down thousands of YouTube channels linked to influence …

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

December 14, 2023 at 06:24AM Russian cyberespionage group APT29 exploited a recent TeamCity vulnerability, impacting on-premises instances, to conduct large-scale cyberattacks since September 2023. US, UK, and Polish government agencies confirm APT29’s exploitation, linking the group to the Russian Foreign Intelligence Service. The exploitation enabled the group to access networks, deploy backdoors, and exfiltrate sensitive …

Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare

December 13, 2023 at 06:32PM APT29, the Russian cyber threat group responsible for the SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity. This presents a global threat, potentially enabling access to valuable data and the possibility of sabotaging software compilations and deployments. Patching alone won’t mitigate the danger, making active threat …