The team logo
Daily Brief Changelog
v0.7

Article Details

Scrape Timestamp (UTC): 2024-03-08 06:16:11.128

Source: https://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html

Original Article Text

Click to Toggle View

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker. It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a "limited amount" of information disclosure and system modification. "The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company noted at the time. Threat actors have been observed weaponizing the twin flaws to deliver Jasmin ransomware as well as create hundreds of rogue user accounts, according to CrowdStrike and LeakIX. The Shadowserver Foundation said it detected exploitation attempts starting from March 4, 2024. Statistics shared by GreyNoise show that CVE-2024-27198 has come under broad exploitation from over a dozen unique IP addresses shortly after public disclosure of the flaw. In light of active exploitation, users running on-premises versions of the software are advised to apply the updates as soon as possible to mitigate potential threats. Federal agencies are required to patch their instances by March 28, 2024. State of AI in the Cloud 2024 Find out what 150,000+ cloud accounts revealed about the AI surge. Goodbye, Atlassian Server. Goodbye… Backups? Protect your data on Atlassian Cloud from disaster with daily backups and on-demand restores. Take Action Fast with Censys Search for Security Teams Stay ahead of advanced threat actors with best-in-class threat intelligence from Censys Search.

Daily Brief Summary

CYBERCRIME // JetBrains TeamCity Vulnerability Actively Exploited, CISA Issues Alert

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in JetBrains TeamCity to its list of exploited vulnerabilities.

Tracked as CVE-2024-27198, the vulnerability allows attackers to bypass authentication and compromise servers, with a CVSS score of 9.8.

An additional moderate-severity flaw, CVE-2024-27199, was also addressed, allowing partial information disclosure and system modification.

Attacks exploiting the vulnerabilities have been linked to the delivery of Jasmin ransomware and the creation of rogue user accounts.

Exploitation attempts detected since March 4, 2024, indicate active and widespread attempts to leverage the flaw by threat actors.

CISA advises users of the on-premises TeamCity software to update immediately, with federal agencies mandated to patch by March 28, 2024.