Our latest report sheds light on CVE-2024-27198, a severe vulnerability that has been exploited for unauthorized admin access and privilege escalation in JetBrains TeamCity, marked by CISA on March 7, 2024, as a significant threat. This breach has led to Jasmin ransomware attacks and unauthorized user setups, linked to the BianLian and Jasmin families. The Shadowserver Foundation's dashboard reports nearly 500 devices are still at risk, with our investigations uncovering 241 publicly accessible, vulnerable instances. The engagement of North Korean group Kimsuki and others in exploiting this vulnerability underscores the pressing need for comprehensive security measures and awareness among cybersecurity communities.
Link to the Research Report: Vulnerability Analysis and Exploitation : Understanding CVE-2024-27198 in JetBrains TeamCity - CYFIRMA
#JetBrains #TeamCity #CVE-2024-27198 #CyberSecurity #CYFIRMA #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/