U.S. Federal Agencies and other countries release advisory that Russian Foreign Intelligence Service (SVR) is exploiting vulnerability in Jetbrains TeamCity globally

According to CISA, FBI, NSA, Polish Military Counterintelligence, CERT Polska, and UK’s National Cyber Security Centre, Russian actors known by names including APT 29 are and have been exploiting servers hosting JetBrains TeamCity software since at least September, 2023. This software is used for software compilations, including building, testing and releasing software. The potential impact is pretty large, including supply chain operations (think Solarwinds). The article details IOCs

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Click to access aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf

Joint advisory

https://nvd.nist.gov/vuln/detail/cve-2023-42793

60 Credit Unions affected by ransomware in likely supply chain attack

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

Related Articles

https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html

https://abc7.com/ransomware-attack-in-us-credit-union-outages-trellance-cyberattack-ncua/14133374/

https://www.msn.com/en-us/money/other/60-us-credit-unions-offline-after-ransomware-infects-backend-cloud-outfit/ar-AA1kRVhA

Android Framework vulnerability allows bad actors to escalate privileges on unpatched devices. CISA states Chinese app exploiting to spy on users

https://www.bleepingcomputer.com/news/security/cisa-warns-of-android-bug-exploited-by-chinese-app-to-spy-on-users/

In the wake of security products flagging 3CX software where users thought this to be false positives, Microsoft Defender (unrelated) falsely flags legitimate URLs. Fix has been released.

https://www.theregister.com/2023/03/29/microsoft_defender_url_alerts/

Lessons learned: One of the factors in the LastPass breach was an Engineer’s failure to update Plex on a home computer

https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html

LastPass completes investigations into their most recent breaches and shares findings. You can read them below but we’ll detail them in coming days about necessary actions

https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/

Booking.com (function(d, sc, u) { var s = d.createElement(sc), p = d.getElementsByTagName(sc)[0]; s.type = ‘text/javascript’; s.async = true; s.src = u + ‘?v=’ + (+new Date()); p.parentNode.insertBefore(s,p); })(document, ‘script’, ‘//cf.bstatic.com/static/affiliate_base/js/flexiproduct.js’);

FBI program Infragard hacked and membership data leaked. Hackers are said to be communicating through the portal to members

https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/

New York Post Update: Looks like it was a (now former) New York Post employee

https://variety.com/2022/digital/news/new-york-post-twitter-account-hack-racist-violent-messages-1235415797/

UPDATE to New York Post hack: Samples of posts have been shared on Twitter with links that lead to NYT website for unfound stories. Was their Twitter account hacked or were those “stories” posted and then shared on Twitter…

Either way, the ending result on Twitter was consumed by many

New York Post Twitter account is “hacked”: Careful what you click(ed) on