Yet another JetBrains TeamCity On-Prem vulnerability: CVE-2024-23917 (9.8 critical)
If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.
Why you should care about CVE-2024-23917:
Russian Foreign Intelligence Service (SVR) exploited a similar JetBrains TeamCity authentication bypass vulnerability CVE-2023-42793 (9.8 critical) worldwide, as reported in a CISA cybersecurity advisory dated 13 December 2023, less than 2 months ago.
๐จ Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:
โ ๐ ๐ Tracking Unauthorized Access to #Okta's Support System
โ ๐ ๐ฏ๐ต #Casio discloses #databreach impacting customers in 149 countries
โ ๐ ๐งฌ Hacker leaks millions more #23andMe user records on #cybercrime forum
โ ๐ ๐จ๐ณ D-Link confirms data breach after employee #phishing attack
โ ๐ ๐ฐ #Equifax Fined $13.5 Million Over 2017 Data Breach
โ ๐บ๐ฆ ๐งน Ukrainian activists hack Trigona #ransomware gang, wipe servers
โ ๐บ๐ธ ๐ฐ๐ต FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
โ ๐ฎ๐ณ โ๏ธ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
โ ๐ต๐ธ ๐ฎ๐ท #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
โ ๐ฎ๐ปโโ๏ธ ๐ฅท๐ป Police seize #RagnarLocker leak site
โ ๐ฐ๐ต North Korean Hackers Exploiting Recent #TeamCity Vulnerability
โ ๐จ๐ณ ๐ท๐บ #China replaces #Russia as top #cyberthreat
โ ๐บ๐ฆ ๐ก CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
โ ๐ซ๐ท ๐ช๐ธ #France frees the two biggest Spanish hackers
โ ๐บ๐ธ โ๏ธ Ex-Navy IT head gets 5 years for selling peopleโs data on #darkweb
โ ๐จ๐ญ ๐ณ๏ธ #Switzerlandโs e-voting system has predictable implementation blunder
โ ๐ ๐ญ Critical Vulnerabilities Expose โโ#Weintek HMIs to Attacks
โ ๐ ๐ญ #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
โ ๐ฆ ๐ป๐ณ Fake #Corsair job offers on #LinkedIn push #DarkGate malware
โ ๐ฆ Google-hosted #malvertising leads to fake #Keepass site that looks genuine
โ ๐ฆ ๐ฌ #Discord still a hotbed of #malware activity โ Now APTs join the fun
โ ๐ฆ ๐ต๐ปโโ๏ธ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
โ ๐๏ธ ๐ฆ #Android will now scan sideloaded apps for malware at install time
โ ๐ฌ ๐ #WhatsApp#passkeys on the way, but as usual, for Android first
โ ๐ท๐บ ๐๏ธ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
โ ๐๏ธ โ Signal Pours Cold Water on Zero-Day Exploit Rumors
โ ๐ ๐ฅ #Cisco warns of new #IOS XE #zeroday actively exploited in attacks
๐ This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end โฌ๏ธ
Successful exploitation of the vulnerability could also allow threat actors to access the build pipelines and inject arbitrary code, leading to an integrity breach and supply chain compromise.