Security News

Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment. Christiaan Beek, senior director of threat analytics at Rapid7, noted on AttackerKB that both TeamCity vulnerabilities were spotted being exploited in the wild.

Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. According to the cybersecurity company, it replied by saying it wouldn't agree to swift disclosure, and pointed JetBrains to its policy against silently patching vulnerabilities, which stipulates that if companies violate that policy, Rapid7 will itself release the full details of the vulnerability, including enough information to allow people to develop exploits, within 24 hours.

81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023.

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

Network-attached storage specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November. Unit 42's assessment, on the other hand, was the polar opposite: "These remote code execution vulnerabilities affecting IoT devices exhibit a combination of low attack complexity and critical impact, making them an irresistible target for threat actors. As a result, protecting IoT devices against such threats is an urgent task."

The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate the vulnerability, it said. Firstly, Fortinet backtracked and said these weren't vulnerabilities at all, instead explaining that they were issued in error and were duplicates of the single vulnerability mentioned in the aforementioned October advisory - CVE-2023-34992.

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original advisory for the CVE-2023-34992 flaw in a very confusing update.

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 for what it deemed was unauthorized access to external computer systems and spying on data. The programmer examined the software and found that it established a MySQL connection with a remote server belonging to Modern Solution GmbH, the management software vendor.

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.

The U.S. Securities and Exchange Commission's new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or after that date.Now, those organizations are asking what they need to alter or enhance about their disclosure procedures, incident response and existing cyber capabilities.