Python Developers Targeted Via Fake Crytic-Compilers Package
As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI) – a platform used widely by developers to find and distribute Python packages. A malicious package named ‘crytic-compilers’ was discovered, mimicking the legitimate ‘crytic-compile’ library developed by Trail of Bits. This fraudulent package was designed with sinister intent: to […]
The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on TuxCare.
The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on Security Boulevard.
A Chemical-Sniffing Van Shows How Heat Amps Up Pollution
The Unknown Toll Of The AI Takeover
In early May, Google announced it would be adding artificial intelligence to its search engine. When the new feature rolled out, AI Overviews began offering summaries at the top of queries, whether you wanted them or not — and they came at an invisible cost. Investigative journalist Lois Parshley explores this topic for The Lever. Archive.org link.
A Tower Struck Down
Come for the picture of an infrastructure surprise, stay for the heartwarming gelato paragraphs. Transpower are working on it. Meanwhile, have some appropriate music. I'm being flippant but I am in the region affected by this; all is well here. Remember to check in on your neighbours!
"We gots to talk business, friend."
"In front is a veranda, inside is the lobby, and upstairs, baby..."
Cancer Researchers Begin Large Long-Term Study of Black Women
Manhattanhenge 2024: When and Where to Watch
The Algebra Problem: How Middle School Math Became a National ‘Flashpoint’
Ed Dwight Goes to Space 63 Years After Training as 1st Black Astronaut
Racist AI Deepfake of Baltimore Principal Leads to Arrest
A week in security (March 4 – March 10)
Last week on Malwarebytes Labs:
- Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix
- Update now! JetBrains TeamCity vulnerability abused at scale
- PetSmart warns customers of credential stuffing attack
- Predator spyware vendor banned in US
- ALPHV ransomware gang fakes own death, fools no one
- Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS
- Check your DNS! Abandoned domains used to bypass spam checks
- American Express warns customers about third party data breach
- No “Apple magic” as 11% of macOS detections last year came from malware
- Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Update now! JetBrains TeamCity vulnerability abused at scale
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server.
TeamCity is a build management and continuous integration and deployment server from JetBrains that allows developers to commit code changes into a shared repository several times a day. Each commit is followed by an automated build to ensure that the new changes integrate well into the existing code base and as such can be used to detect problems early.
Compromising a TeamCity server gives an attacker full control over all TeamCity projects, builds, agents and artifacts. Depending on the use case of your projects, that could make the server a suitable attack vector leading to a supply chain attack.
The two vulnerabilities are CVE-2024-27198, an authentication bypass vulnerability with a CVSS score of 9.8, and CVE-2024-27199, a path traversal issue with a CVSS score of 7.3. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-27198 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by March 28, 2024 in order to protect their devices against active threats.
These two vulnerabilities allow an attacker to create new administrator accounts on the TeamCity server which have full control over all TeamCity projects, builds, agents and artifacts.
Exploitation code is readily available online and has already been integrated into offensive security tools like the Metasploit framework.
So, it doesn’t come as a surprise that researchers are now reporting abuse of the vulnerabilities.
Bleeping Computer reports that attackers have already compromised more than 1,440 instances, while a scan for vulnerable instances by Shadowserver showed that the US and Germany are the most affected countries.
The vulnerabilities affect all TeamCity on-premises versions through 2023.11.3 and were fixed in version 2023.11.4. Customers of TeamCity Cloud have already had their servers patched, and according to JetBrains they weren’t attacked.
To update your server, download the latest version (2023.11.4) or use the automatic update option within TeamCity.
JetBrains has also made a security patch plugin available for customers who are unable to upgrade to version 2023.11.4. There are two security patch plugins, one for TeamCity 2018.2 and newer and one for TeamCity 2018.1 and older. See the TeamCity plugin installation instructions for information on installing the plugin.
If your server is publicly accessible over the internet, and you are unable to immediately mitigate the issue, you should probably make your server inaccessible until you can.
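An added example, not from the original article or from JetBrains: a small Python triage over an asset inventory that applies the version boundary and the two patch-plugin branches described above. The inventory fields (`name`, `version`, `hosting`, `internet_facing`) and the sample records, including build numbers, are constructed for illustration.

```python
import re

FIXED = (2023, 11, 4)      # first fixed on-premises release, per the article
PLUGIN_SPLIT = (2018, 2)   # one patch plugin for 2018.2 and newer, one for 2018.1 and older

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(raw):
    """Extract the dotted version from a string such as '2023.11.3 (build 1)'."""
    match = _VERSION_RE.search(raw or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def triage(server):
    """Return (status, action) for one inventory record (hypothetical schema)."""
    if server.get("hosting") == "cloud":
        return ("patched", "none: TeamCity Cloud servers were patched by JetBrains")
    version = parse_version(server.get("version"))
    if version is None:
        # An unreadable version is not evidence of a patched server.
        return ("unknown", "confirm the version manually; treat as vulnerable until then")
    if version >= FIXED:
        return ("patched", "none")
    plugin = "2018.2 and newer" if version >= PLUGIN_SPLIT else "2018.1 and older"
    action = f"upgrade to 2023.11.4, or install the security patch plugin for {plugin}"
    if server.get("internet_facing"):
        action += "; make the server inaccessible from the internet until then"
    return ("vulnerable", action)


def triage_inventory(inventory):
    """Map each server name to its (status, action) pair."""
    return {server["name"]: triage(server) for server in inventory}


# Constructed sample inventory; names, versions and build numbers are illustrative.
SAMPLE_INVENTORY = [
    {"name": "ci-01", "version": "2023.11.3 (build 1)", "internet_facing": True},
    {"name": "ci-02", "version": "2023.11.4 (build 2)", "internet_facing": True},
    {"name": "ci-legacy", "version": "2018.1.5", "internet_facing": False},
    {"name": "ci-saas", "version": "", "hosting": "cloud"},
    {"name": "ci-mystery", "version": "n/a", "internet_facing": False},
]

if __name__ == "__main__":
    for name, (status, action) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:11} {status:10} {action}")
```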
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.