JetBrains announces a new TeamCity 2024.03 release but doesn't identify any of the 26 vulnerabilities fixed in their blog post. https://blog.jetbrains.com/teamcity/2024/03/teamcity-202403/

In the TeamCity 2024.03 Release Notes they state that "26 security problems have been fixed."

We do not share the details of security-related issues to avoid compromising clients that keep using previous bugfix and/or major versions of TeamCity. Check out our Security Bulletin for the list of disclosed vulnerability fixes. Security bulletins for new versions are typically published within the next few days after the release date.

Patch your TeamCity now before you get compromised by nation state APTs and cybercriminals/ransomware actors.

We added detection for compromised #TeamCity instances:

1711 vulnerable instances were found during our last scan, 1442 show clear signs of rogue user creation.

If you were/are still running a vulnerable system, assume compromise.

We are seeing massive exploitation of #TeamCity CVE-2024-27198.

Hundreds of users are created for later use across the Internet.

#TeamCity (ohne Kotlin DSL)

Sry, fühlt sich einfach wie Steinzeit an

#Russia-linked #APT29 spotted targeting #JetBrains #TeamCity servers
https://securityaffairs.com/155846/hacking/apt29-targeting-jetbrains-teamcity-servers.html
#securityaffairs #hacking

Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:

➝ Tracking Unauthorized Access to #Okta's Support System
➝ #Casio discloses #databreach impacting customers in 149 countries
➝ Hacker leaks millions more #23andMe user records on #cybercrime forum
➝ D-Link confirms data breach after employee #phishing attack
➝ #Equifax Fined $13.5 Million Over 2017 Data Breach
➝ Ukrainian activists hack Trigona #ransomware gang, wipe servers
➝ FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
➝ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
➝ #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
➝ Police seize #RagnarLocker leak site
➝ North Korean Hackers Exploiting Recent #TeamCity Vulnerability
➝ #China replaces #Russia as top #cyberthreat
➝ CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
➝ #France frees the two biggest Spanish hackers
➝ ️ Ex-Navy IT head gets 5 years for selling people’s data on #darkweb
➝ #Switzerland’s e-voting system has predictable implementation blunder
➝ Critical Vulnerabilities Expose ​​#Weintek HMIs to Attacks
➝ #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
➝ Fake #Corsair job offers on #LinkedIn push #DarkGate malware
➝ Google-hosted #malvertising leads to fake #Keepass site that looks genuine
➝ #Discord still a hotbed of #malware activity — Now APTs join the fun
➝ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
➝ #Android will now scan sideloaded apps for malware at install time
➝ #WhatsApp #passkeys on the way, but as usual, for Android first
➝ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
➝ Signal Pours Cold Water on Zero-Day Exploit Rumors
➝ #Cisco warns of new #IOS XE #zeroday actively exploited in attacks

This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-422023

Today NVD published CVE-2023-42793 - authentication bypass leading to RCE on #TeamCity Servers

CVSS of 9.8 (Critical) ​

​ Patches are already available (version 2023.05.4)

​ https://www.jetbrains.com/privacy-security/issues-fixed/
​ https://nvd.nist.gov/vuln/detail/CVE-2023-42793

Not a whole lot of details yet but I anticipate this one will see in-the-wild activity ​ #ThreatIntel #CTI #JetBrains