Day 19 #100cyberdays🎯 

𝐉𝐞𝐭𝐁𝐫𝐚𝐢𝐧𝐬 𝐓𝐞𝐚𝐦𝐂𝐢𝐭𝐲 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐁𝐲𝐩𝐚𝐬𝐬 𝐀𝐭𝐭𝐚𝐜𝐤

𝐓𝐄𝐀𝐌𝐂𝐈𝐓𝐘 𝐈𝐍𝐓𝐑𝐔𝐒𝐈𝐎𝐍 𝐒𝐀𝐆𝐀 : 𝐀𝐏𝐓29 𝐒𝐮𝐬𝐩𝐞𝐜𝐭𝐞𝐝 𝐀𝐦𝐨𝐧𝐠 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐢𝐧𝐠 CVE-2023-42793

𝐑𝐞𝐩𝐨𝐫𝐭 𝐫𝐞𝐥𝐞𝐚𝐬𝐞 𝐝𝐚𝐭𝐞 : December 13, 2023

1️⃣ 𝐈𝐍𝐓𝐑𝐎 𝐀𝐁𝐎𝐔𝐓 𝐓𝐄𝐀𝐌𝐂𝐈𝐓𝐘

TeamCity serves as a continuous integration/continuous deployment (CI/CD) tool employed by organizations in DevOps and various software development endeavors. This application is utilized by software developers to oversee and automate tasks such as software compilation, building, testing, and releasing.

2️⃣ 𝐖𝐇𝐀𝐓 𝐈𝐒 𝐉𝐄𝐓𝐁𝐑𝐀𝐈𝐍𝐒 𝐓𝐄𝐀𝐌𝐂𝐈𝐓𝐘 𝐀𝐔𝐓𝐇𝐄𝐍𝐓𝐈𝐂𝐀𝐓𝐈𝐎𝐍 𝐁𝐘𝐏𝐀𝐒𝐒 𝐀𝐓𝐓𝐀𝐂𝐊?

Several threat actors have been observed taking advantage of an authentication bypass vulnerability in JetBrains TeamCity. This vulnerability has the potential to result in remote code execution. In the event of a successful compromise, unauthorized access to a TeamCity server would grant malicious actors entry to a software developer's source code, signing certificates, and the capability to manipulate software compilation and deployment procedures. This access could be further exploited by a malicious actor to carry out supply chain operations.

3️⃣ 𝐖𝐇𝐀𝐓'𝐒 𝐁𝐄𝐇𝐈𝐍𝐃 𝐀𝐏𝐓29?

CozyDuke, alternatively recognized as CozyBear, CozyCar, and Office Monkeys, among other aliases, is a threat actor associated with advanced persistent threat APT29. It gained prominence in 2014 following a series of targeted and precise attacks on notable entities, including the US White House, Department of State, and the Democratic National Committee.

4️⃣ 𝐖𝐇𝐀𝐓 𝐈𝐒 𝐓𝐇𝐄 𝐕𝐄𝐍𝐃𝐎𝐑 𝐒𝐎𝐋𝐔𝐓𝐈𝐎𝐍?

JetBrains released patch on September 18, 2023 to fix the affected TeamCity software on version 2023.05.4, which can be found here: https://lnkd.in/gDHjiHkc.

📜 𝐑𝐞𝐟𝐞𝐫𝐞𝐧𝐜𝐞𝐬 :

𝐀𝐜𝐭𝐢𝐯𝐞 𝐎𝐮𝐭𝐛𝐫𝐞𝐚𝐤 𝐀𝐥𝐞𝐫𝐭𝐬 https://lnkd.in/g8jcwWJ4

𝐓𝐡𝐫𝐞𝐚𝐭 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡 𝐑𝐞𝐩𝐨𝐫𝐭 https://lnkd.in/gZirx9Vb

𝐓𝐡𝐫𝐞𝐚𝐭 𝐒𝐢𝐠𝐧𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭 https://lnkd.in/g3TAWnQd

𝐎𝐮𝐭𝐛𝐫𝐞𝐚𝐤 𝐃𝐞𝐭𝐚𝐢𝐥𝐬 https://lnkd.in/gZeazNky

#cybersecurity #selfchallenge #100cyberdays #apt #cve #fortiguardlabs #fortinet