Developers in danger: a flurry of ransomware attacks hit TeamCity servers

CarderPlanet

The vulnerability was fixed a couple of weeks ago, but hackers have no intention of retreating.

Ransomware gangs are increasingly targeting a recently patched vulnerability in the JetBrains TeamCity continuous integration and deployment server.

The critical bug, registered under the identifier CVE-2023-42793 and carrying a CVSS severity rating of 9.8 out of 10, allows attackers to remotely execute code after bypassing authentication. Notably, the attack does not require user interaction.

Swiss cybersecurity company Sonar, whose researchers discovered and reported this vulnerability, published full technical information about the vulnerability just a week after JetBrains released a patch for TeamCity that closes this gap.

JetBrains confirmed that the vulnerability affects all versions of TeamCity before the patched release 2023.05.4, but only on-premises servers installed on Windows, Linux and macOS, as well as those running in Docker, are at risk.

Sonar's Stefan Schiller highlighted the impact of the vulnerability: "The bug allows attackers to not only steal source code, but also stored service secrets and private keys. With access to the build process, attackers can inject malicious code, breaking the integrity of the software and affecting all end users."

Researchers from the nonprofit organization Shadowserver, meanwhile, found 1,240 TeamCity servers vulnerable to attacks.

A few days after the Sonar report was published, GreyNoise and PRODAFT reported that hackers had started exploiting this vulnerability against unpatched TeamCity instances. PRODAFT clarified that many popular ransomware groups have already added an exploit for CVE-2023-42793 to their arsenal.

GreyNoise recorded attacks from 56 different IP addresses targeting TeamCity servers. At the same time, organizations that did not install the patch before September 29 are highly likely to have already been hacked.

JetBrains TeamCity software is used by developers in more than 30,000 organizations worldwide, including companies such as Citibank, Ubisoft, HP, Nike, and Ferrari.

The best recommendation for organizations that use TeamCity is to immediately update their servers to the latest version of the software.
 