JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (Security News, March 2024)
"We fully support the timely disclosure of vulnerability details when a fix is released," writes Daniel Gallo, TeamCity solutions engineer at JetBrains.
Within hours of Rapid7's detailed disclosure, on-premises TeamCity users were reporting being hit by ransomware attacks.
The policy reads: "Through transparent, open, and timely vulnerability disclosures, Rapid7 helps the entire internet protect and defend those assets and services critical to modern civilization."
Rapid7's disclosure timeline indicates that it and JetBrains differed on their definition of "silent patching," and that seeing JetBrains' TeamCity patches go live is what triggered the researcher's full publication.
The to and fro should inform future discussions around public disclosures, and the ransomware attacks against TeamCity customers shouldn't be taken lightly.
Even if Rapid7 thought JetBrains was silently patching vulnerabilities, an assertion JetBrains denies, waiting a week before outing the developer may have helped customers apply patches to prevent these costly attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/12/jetbrains_is_still_mad_at/