Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now

/in

The JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.

Cyware News – Latest Cyber News – ​Read More

Epic Games ‘hackers’ admit threat of leak was phony

/in

The “hacker” group that claimed to have breached Epic Games now says it was an elaborate con, and Epic says there was no legitimate threat.Read More

Security News | VentureBeat – ​Read More

Critical TeamCity Bugs Endanger Software Supply Chain

/in

Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.

darkreading – ​Read More

Zero-Click GenAI Worm Spreads Malware, Poisoning Models

/in

35 years after the Morris worm, we’re still dealing with a version of the same issue: data overlapping with control.

darkreading – ​Read More

Amex Customer Data Exposed in Third-Party Breach

/in

The breach occurred through a third-party service provider frequently used by the company’s travel services division.

darkreading – ​Read More

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

/in

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
“The

The Hacker News – ​Read More

Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets

/in

The DPRK is using cyberattacks to steal designs and other data from South Korean microchip manufacturers, according to Seoul’s National Intelligence Service.

darkreading – ​Read More

White House Recommends Memory-Safe Programming Languages and Security-by-Design

/in

A new report promotes preventing cyberattacks by using memory-safe languages and the development of software safety standards.

Security | TechRepublic – ​Read More

Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison

/in

The 22-year-old Air National Guard member admitted illegally collecting some of the nation’s most sensitive secrets and sharing them with other users on Discord.

The post Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison appeared first on SecurityWeek.

SecurityWeek – ​Read More

Middle East Leads in Deployment of DMARC Email Security

/in

Yet challenges remain as many nation’s policies for the email authentication protocol remain lax and could run afoul of Google’s and Yahoo’s restrictions.

darkreading – ​Read More