JetBrains fingers Rapid7 for customer ransomware attacks The Register

Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching.
The software developer published its side of the story at the time, but felt the need to go a step further with another blog post this week, hammering home its argument that it did act responsibly and within the norms of vulnerability disclosure.
Following Rapid7's detailed disclosure, within hours on-premises TeamCity users were reporting being hit by ransomware attacks.
We asked Rapid7 if it had a response but it didn't immediately reply.
Speaking of those norms, JetBrains made a point of highlighting the disclosure norms of other major vendors in the industry, such as Google and Microsoft.
Google's Project Zero team follows a policy that affords vendors 90 days to release fixes for vulnerabilities and a further 30 days after they're released before detailed information is released about them.
OWASP acknowledges the merits of both sides and suggests finding a compromise on the disclosure policies if the two parties differ substantially.
National and international cybersecurity authorities generally agree a delay is necessary between reporting and publicly disclosing details of vulnerabilities, although these delays can vary between countries.
Spain, for example, will publish details of a security issue if the vendor fails to patch it within 60 days.
Luxembourg's default deadline is shorter at 30 days, albeit with flexibility built into it for more complex situations, while the US's Cybersecurity and Infrastructure Security Agency can disclose a vulnerability 45 days after the first attempt to contact the relevant vendor.
The EU's cybersecurity agency, ENISA, sets out in its guidelines for developing a disclosure policy that a patch should always be developed within 90 days at the latest.
Rapid7's disclosure policy prioritizes timely disclosures.
The policy stipulates that vendors have 60 days from the point of disclosure to release a fix before public disclosure, with the opportunity to extend that by 30 additional days if a fix can't be developed in that time and, crucially, the vendor works in good faith.
It also says that the company will publish vulnerability details within 24 hours if they suspect a vendor to silently patch vulnerabilities.
Plus, by JetBrains' own admission, it decided four days after Rapid7's disclosure that it would not be following a coordinated disclosure with the researchers.
JetBrains said this was a decision taken to protect its own customers from exploits, but Rapid7 likely saw it as a bad-faith working relationship.
The to and fro should inform future discussions around public disclosures, and the ransomware attacks against TeamCity customers shouldn't be taken lightly.
The average cost of remediating an attack is roughly $1.5 million, meaning vendors must seriously consider the timing of their public disclosures.
Even if Rapid7 thought JetBrains was silently patching vulnerabilities, an assertion JetBrains denies, waiting a week before outing the developer may have helped customers apply patches to prevent these costly attacks.
There's also no guarantee that waiting that time would have sprung admins into action to patch the flaws, so there are arguments to be made for both sides.


This Cyber News was published on go.theregister.com. Publication date: Tue, 12 Mar 2024 17:13:06 +0000


Cyber News related to JetBrains fingers Rapid7 for customer ransomware attacks The Register

JetBrains, Rapid7 clash over vulnerability disclosure policies - A dispute between software maker JetBrains and security vendor Rapid7 has highlighted ongoing concerns with coordinated vulnerability disclosure policies and practices. On March 4, JetBrains disclosed two critical vulnerabilities tracked as ...
1 year ago Techtarget.com CVE-2024-27199 CVE-2024-27198
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
1 month ago Cybersecuritynews.com
Threat Groups Rush to Exploit JetBrains' TeamCity CI/CD Security Flaws - The cyberthreats to users of JetBrains' TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that included exploiting the flaws for ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2024-27199 BianLian
JetBrains vulnerability exploitation highlights debate over 'silent patching' - Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers' servers ...
1 year ago Therecord.media CVE-2024-27198 CVE-2024-27199
JetBrains fingers Rapid7 for customer ransomware attacks The Register - Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. The software developer published its side of the story at the time, but ...
1 year ago Go.theregister.com
Recent TeamCity Vulnerability Exploited in Ransomware Attacks - A TeamCity vulnerability disclosed recently in controversial circumstances is being exploited in ransomware attacks, according to the product's developer and cybersecurity companies. On March 4, JetBrains, the developer of the TeamCity build ...
1 year ago Securityweek.com CVE-2024-27198 CVE-2024-27199 BianLian
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
1 year ago Hackread.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad - For companies that have too many phone calls and emails to keep up, it is very common to outsource your customer services, either domestically in the UK or abroad to the likes of India or The Philippines. An outsourced customer service firm can ...
9 months ago Itsecurityguru.org
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
1 year ago Securityzap.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
The Rise of Digital Customer Experience - Digital customer experience is a hot topic these days. In all seriousness, digital customer experience is one of the most important differentiators for your business. At its core, DCX is about the customer journey-a guided path for your customers to ...
1 year ago Feedpress.me
Best Ransomware Protection Practices for Midsize Organizations - Ransomware Protection has emerged as a crucial step in cybersecurity since ransomware attacks have become a major threat to businesses of all sizes, including midsize organizations. Ransomware attacks can be delivered via email attachments or links, ...
1 year ago Securityboulevard.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware - COMMENTARY. The US government is ramping up efforts to stem the increasingly disruptive scourge of ransomware attacks. The State Department recently offered up to $15 million for information on LockBit, and $10 million for information on the ...
11 months ago Darkreading.com LockBit
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
10 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Weekly Vulnerability Recap 3/11/24: JetBrains & Atlassian Issues - This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up ...
1 year ago Esecurityplanet.com CVE-2024-27198 CVE-2024-27199 CVE-2024-22252 CVE-2024-20337 CVE-2023-22527

Latest Cyber News


Cyber Trends (last 7 days)