Security News

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
2024-03-05 03:34

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws,...

Cloudflare wants to put a firewall in front of your LLM
2024-03-05 01:32

Doing so helps to prevent distributed denial of service attacks against the model, or other situations that would overwhelm the LLM with requests and disrupt its ability to process legitimate requests. The firewall can be deployed in front of any LLM, Molteni told The Register.

American Express admits card data exposed and blames third party
2024-03-04 23:04

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

Exploit available for new critical TeamCity auth bypass bug, patch now
2024-03-04 22:42

A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.

ScreenConnect flaws exploited to drop new ToddlerShark malware
2024-03-04 22:14

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. The threat actors are exploiting authentication bypass and remote code execution flaws disclosed on February 20, 2024, when ConnectWise urged ScreenConnect customers to immediately upgrade their servers to version 23.9.8 or later.

White House Recommends Memory-Safe Programming Languages and Security-by-Design
2024-03-04 21:35

A new White House report focuses on securing computing at the root of cyber attacks - in this case, reducing the attack surface with memory-safe programming languages like Python, Java and C# and promoting the creation of standardized measurements for software security.

Hackers steal Windows NTLM authentication hashes in phishing attacks
2024-03-04 21:15

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager authentication hashes to perform account hijacks. NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.

Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama
2024-03-04 21:01

ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment. Dmitry Smilyanets, an intelligence analyst at infosec outfit Recorded Future, spotted a Bitcoin wallet believed to be linked to ALPHV received 350 Bitcoins, right now worth at least $22 million, in a single transaction on March 1.

Seoul accuses North Korea of stealing southern chipmakers' designs
2024-03-04 20:00

North Korean government spies have broken into the servers of at least two chipmakers and stolen product designs as part of attempts to spur Kim Jong Un's plans for a domestic semiconductor industry, according to Seoul's security agency. After exploiting vulnerabilities to gain access - the NIS doesn't specify which the miscreants abused - the North Korean cyberspies used "Living off the land" techniques to remain hidden.