Bleeping Computer® is an information security and technology news publication created in 2004 by Lawrence Abrams. Millions of visitors come to BleepingComputer.com every month to learn about the latest security threats, technology news, ways to stay protected online, and how to use their computers more efficiently.
Critical TeamCity flaw now widely exploited to create admin accounts

Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday.
Exploitation appears to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web.
Risk of supply-chain attacks
LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.

source: LeakIX
Of these, the platform indicates that hackers have already compromised more than 1,440 instances.
"There are between 3 and 300 hundreds users created on compromised instances, usually the pattern is 8 alphanum characters," LeakIX told BleepingComputer.

source: LeakIX
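As an added example (not from the original article, LeakIX or JetBrains), the following sketch shows how an administrator might triage a TeamCity user list against the indicator LeakIX describes. The export shape, role labels, baseline source and sample accounts are assumptions constructed for illustration; the baseline comparison matters because the 8-character pattern alone also matches ordinary usernames.

```python
import re

# LeakIX's reported pattern for attacker-created usernames: 8 alphanumeric characters.
RANDOM_NAME = re.compile(r"[A-Za-z0-9]{8}")
ADMIN_ROLE = "SYSTEM_ADMIN"  # role label used in the assumed export; adjust to your data

def triage_users(users, baseline):
    """Score accounts that are absent from a known-good baseline.

    users:    iterable of {"username": str, "roles": [str]} (hypothetical export shape)
    baseline: usernames known to be legitimate, e.g. from a pre-incident backup
    Returns [(username, score, reasons)], highest score first.
    """
    known = {name.lower() for name in baseline}
    findings = []
    for user in users:
        name = user["username"]
        if name.lower() in known:
            continue
        score, reasons = 1, ["not in baseline"]
        if RANDOM_NAME.fullmatch(name):
            score += 1
            reasons.append("8 alphanumeric characters")
        if ADMIN_ROLE in user.get("roles", []):
            score += 2
            reasons.append("administrator role")
        findings.append((name, score, reasons))
    return sorted(findings, key=lambda f: (-f[1], f[0]))

def mass_creation_suspected(findings, threshold=3):
    """True when at least `threshold` unknown accounts match the naming pattern."""
    hits = [f for f in findings if "8 alphanumeric characters" in f[2]]
    return len(hits) >= threshold

# Constructed sample data, not taken from any real server.
SAMPLE_USERS = [
    {"username": "build-admin", "roles": ["SYSTEM_ADMIN"]},
    {"username": "jsmith01", "roles": ["PROJECT_DEVELOPER"]},  # legitimate, 8 chars
    {"username": "k3Pq9ZtA", "roles": ["SYSTEM_ADMIN"]},
    {"username": "Xy7mB2qL", "roles": ["SYSTEM_ADMIN"]},
    {"username": "a9F4cW0e", "roles": []},
    {"username": "new.contractor", "roles": ["PROJECT_VIEWER"]},
]
SAMPLE_BASELINE = {"build-admin", "jsmith01"}

if __name__ == "__main__":
    for name, score, reasons in triage_users(SAMPLE_USERS, SAMPLE_BASELINE):
        print(f"{score}  {name:<16} {', '.join(reasons)}")
```

The default threshold of 3 follows the lower bound LeakIX gives for accounts created per compromised instance.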
GreyNoise, a company that analyzes internet scanning traffic, also recorded on March 5 a sharp increase in attempts to exploit CVE-2024-27198.
According to GreyNoise statistics, most attempts come from systems in the United States on the DigitalOcean hosting infrastructure.
This means that compromising them could lead to supply-chain attacks as they may contain sensitive details such as credentials for the environments where code is deployed, published, or stored (e.g. stores and marketplaces, repositories, company infrastructure).
“Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack” - Rapid7
Urgent TeamCity update
The vulnerability is present in the web component of the TeamCity server and can allow a remote, unauthenticated attacker to take control of a vulnerable server with administrative privileges.
Discovered by Stephen Fewer, a principal security researcher at Rapid7, the vulnerability was reported to JetBrains in mid-February and fixed on March 4.
Rapid7 has published complete technical details on what causes the issue and demonstrated how an attacker could exploit it to achieve remote code execution.
With massive exploitation already observed, administrators of on-premise TeamCity instances should take urgent steps towards installing the newest release.