As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI) β a platform used widely by developers to find and distribute Python packages. A malicious package named βcrytic-compilersβ was discovered, mimicking the legitimate βcrytic-compileβ library developed by Trail of Bits. This fraudulent package was designed with sinister intent: to [β¦]
The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on TuxCare.
The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on Security Boulevard.
Β© Blacki Migliozzi/The New York Times
Β© Travis Dove for The Washington Post, via Getty Images
Β© Bing Guan/Reuters
Β© Andrew Mangum for The New York Times
Β© Blue Origin, via Agence France-Presse β Getty Images
Β© James Estrin/The New York Times
Β© Marilynn K. Yee/The New York Times
Β© Carolyn Kaster/Associated Press
Β© Kim Hairston/The Baltimore Sun
Last week on Malwarebytes Labs:
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server.
TeamCity is a build management and continuous integration and deployment server from JetBrains that allows developers to commit code changes into a shared repository several times a day. Each commit is followed by an automated build to ensure that the new changes integrate well into the existing code base and as such can be used to detect problems early.
Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts. Which, depending on the use-case of your projects, could make for a suitable attack vector leading to a supply chain attack.
The two vulnerabilities are CVE-2024-27198, an authentication bypass vulnerability with a CVSS score of 9.8, and CVE-2024-27199, a path traversal issue with a CVSS score of 7.3. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-27198 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by March 28, 2024 in order to protect their devices against active threats.
These two vulnerabilities allow an attacker to create new administrator accounts on the TeamCity server which have full control over all TeamCity projects, builds, agents and artifacts.
Exploitation code is readily available online and has already been integrated in offensive security tools like the MetaSploit framework.
So, it doesnβt come as a surprise that researchers are now reporting abuse of the vulnerabilities.
Bleeping Computer reports that attackers have already compromised more than 1,440 instances, while a scan for vulnerable instances by Shadowserver showed that the US and Germany are the most affected countries.
If running JetBrains TeamCity on-prem β make sure to patch for latest CVE-2024-27198 (remote auth bypass) & CVE-2024-27199 vulns NOW!
β Shadowserver (@Shadowserver) March 5, 2024
We started seeing exploitation activity for CVE-2024-27198 around Mar 4th 22:00 UTC. 16 IPs seen scanning so far.https://t.co/zZ0iU5MD8S
The vulnerabilities affect all TeamCity on-premises versions through 2023.11.3 and were fixed in version 2023.11.4. Customers of TeamCity Cloud have already had their servers patched, and according to JetBrains they werenβt attacked.
To update your server,Β download the latest versionΒ (2023.11.4) or use theΒ automatic updateΒ option within TeamCity.Β
JetBrains has also made a security patch plugin available for customers who are unable to upgrade to version 2023.11.4. There are two security patch plugins, one forΒ TeamCity 2018.2 and newerΒ and one forΒ TeamCity 2018.1 and older. See theΒ TeamCity plugin installation instructionsΒ for information on installing the plugin.
If your server is publicly accessible over the internet, and you are unable to immediately mitigate the issue you should probably make your server inaccessible until you can.
We donβt just report on vulnerabilitiesβwe identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by usingΒ ThreatDown Vulnerability and Patch Management.
Login