JetBrains TeamCity Exploits Continue

This week's news includes open-source software vulnerabilities, endangered data, and continued attacks from state-sponsored Russian threat groups.
Type of vulnerability: Cross-site scripting and command injection.
The problem: Code analysis software SonarCloud found three vulnerabilities in open-source firewall software pfSense: two cross-site scripting issues and a command injection vulnerability.
NIST has cataloged the three vulnerabilities as CVE-2023-42325, CVE-2023-42327, and CVE-2023-42326.
Used in conjunction, these vulnerabilities allow a threat actor to remotely execute arbitrary code on a pfSense server.
pfSense CE 2.7.0 and below and pfSense Plus 23.05.1 and below are susceptible to the vulnerabilities.
While the vulnerabilities were discovered this summer, Sonar didn't release its report until last week.
The fix: Sonar provides recommendations for patching the vulnerabilities, including patch commits from open-source networking vendor Netgate.
Versions 2.7.1 and 23.09 of pfSense have also fixed these vulnerabilities.
Type of vulnerability: Unauthenticated access to Dataproc clusters.
Orca Security's research group released an article covering this vulnerability.
The problem: The National Security Agency released a press announcement last week concerning active exploitation of a JetBrains TeamCity server vulnerability.
According to the NSA, threat actor groups like APT29 and CozyBear, which make up the Russian Foreign Intelligence Service, have been exploiting the known vulnerability since September 2023.
Threat actors use the vulnerability known as CVE-2023-42793 to access the TeamCity servers and take further action, including escalating their privileges.
The problem: Backup Migration, a WordPress plugin installed on tens of thousands of websites, has a vulnerability allowing remote code execution.
The vulnerability, CVE-2023-6553, affects every version of Backup Migration until version 1.3.6.
The fix: After receiving the report from Wordfence, the developers of Backup Migration released a patch earlier in December for the vulnerability, included in version 1.3.8.
Type of vulnerability: Parameter manipulation allowing path traversal and potential remote code execution.
The vulnerability allows threat actors to manipulate parameters and enable path traversal, according to NIST. This could allow them to upload malicious files and execute remote code.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 18 Dec 2023 20:43:05 +0000

