Security News > 2024 > March > JetBrains is still mad at Rapid7 for the ransomware attacks on its customers
"We fully support the timely disclosure of vulnerability details when a fix is released," writes Daniel Gallo, TeamCity solutions engineer at JetBrains.
Following Rapid7's detailed disclosure, within hours on-premises TeamCity users were reporting being hit by ransomware attacks.
The policy reads: "Through transparent, open, and timely vulnerability disclosures, Rapid7 helps the entire internet protect and defend those assets and services critical to modern civilization."
Rapid7's disclosure timeline indicates that both it and JetBrains differed on their definition of what is meant by "Silent patching," and after seeing JetBrains' TeamCity patches go live, that's what triggered the researcher's full publication.
The to and fro should inform future discussions around public disclosures, and the ransomware attacks against TeamCity customers shouldn't be taken lightly.
Even if Rapid7 thought JetBrains was silently patching vulnerabilities, an assertion JetBrains denies, waiting a week before outing the developer may have helped customers apply patches to prevent these costly attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/12/jetbrains_is_still_mad_at/
Related news
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)
- Ransomware attack at New York blood services provider – donors turned away during shortage crisis (source)
- Ransomware attack disrupts New York blood donation giant (source)