Security News > 2024 > March > JetBrains TeamCity under attack by ransomware thugs after disclosure mess
Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.
Christiaan Beek, senior director of threat analytics at Rapid7, noted on AttackerKB that both TeamCity vulnerabilities were spotted being exploited in the wild.
Due to the uncoordinated disclosure of the two vulnerabilities between JetBrains and the researchers at Rapid7 who first discovered and reported the issues this week, all the information that was required for an attacker to develop a working exploit was made public on the same day the patches were released.
In case you missed the drama on Tesday, March 5, Rapid7 was accused of throwing JetBrains under the bus by publishing a disclosure timeline that showed the two vendors' contrasting policies when it comes to publishing details of vulnerabilities.
After Rapid7 saw that JetBrains went ahead and did things its own way, releasing patches with little technical detail, it published its entire report.
JetBrains said it "Never had any intention to release a fix silently without making the full details public," it just wanted to give its customers time to apply the fixes before attacks could spread. "This suggestion was rejected by the Rapid7 team who published full details of the vulnerabilities a few hours after we had released a fix to TeamCity customers."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/07/teamcity_exploits_lead_to_ransomware/
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)