JetBrains TeamCity under attack by ransomware thugs after disclosure mess

Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.
Christiaan Beek, senior director of threat analytics at Rapid7, noted on AttackerKB that both TeamCity vulnerabilities were spotted being exploited in the wild.
Due to the uncoordinated disclosure of the two vulnerabilities between JetBrains and the researchers at Rapid7 who first discovered and reported the issues this week, all the information that was required for an attacker to develop a working exploit was made public on the same day the patches were released.
In case you missed the drama on Tesday, March 5, Rapid7 was accused of throwing JetBrains under the bus by publishing a disclosure timeline that showed the two vendors' contrasting policies when it comes to publishing details of vulnerabilities.
After Rapid7 saw that JetBrains went ahead and did things its own way, releasing patches with little technical detail, it published its entire report.
JetBrains said it "never had any intention to release a fix silently without making the full details public"; it just wanted to give its customers time to apply the fixes before attacks could spread. "This suggestion was rejected by the Rapid7 team who published full details of the vulnerabilities a few hours after we had released a fix to TeamCity customers."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/07/teamcity_exploits_lead_to_ransomware/