On March 3, 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server. CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE). CVE-2024-27199 (CVSS 7.3)

Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.

Local governments in the United States faced a surge in cyber threats during the latter half of 2023, with over 160 cybersecurity incidents impacting the State, Local, and Education (SLED) sectors. Alarming statistics reveal that many of these incidents were ransomware attacks (45%) and data breaches (37%). As custodians of vast amounts of personal and private information, local governments are entrusted with safeguarding sensitive data against evolving cyber threats.

The next 12 months have the potential to reshape the global political landscape with elections occurring in more than 80 nations, in 2024, while new technologies, such as AI, capture our imagination and pose new security challenges. Against this backdrop, the role of CISOs has never been more important. Grant Bourzikas, Cloudflare’s Chief Security Officer, shared his views on what the biggest challenges currently facing the security industry are in the Security Week opening blog.

In a groundbreaking move, Google has introduced Gemma, a new open-source AI model that aims to revolutionize AI application development for developers. Developed using the cutting-edge technology underpinning Google's Gemini AI models, Gemma is set to provide developers with advanced tools to create AI applications conscientiously and efficiently.

CloudCasa by Catalogic can be installed on Azure Kubernetes Service (AKS) clusters using Ubuntu and perform migrations to Azure Linux as the host operating system. The Azure Linux container host for AKS is a lightweight, secure, and reliable OS platform optimized for performance on Azure.

GPT’s debut created a buzz, democratizing AI beyond tech circles. While its language expertise offers practical applications, security threats like malware and data leaks pose challenges. Organizations must carefully assess and balance the benefits against these security risks. Ensuring your safety while maximizing the benefits of Large Language Models(LLMs) like ChatGPT involves implementing practical actions and preparing for current and future security challenges.

Cybersecurity professionals possess many tools to reduce risk. However, it is no accident in a field so concerned with technology that technological tools are often prioritized over others: as the Law of Instrument says, “if the only tool you have is a hammer, it is tempting to treat everything as if it were a nail.” Therefore, cybersecurity professionals should not neglect the other tools, such as awareness and training.

At AWS Re:Invent 2021 in the keynote address, AWS CTO Werner Vogels, invested a significant chunk of time in zooming in on the Identity and Access Management (IAM) of what he called the Everywhere Cloud. He emphasized that while often being underestimated or overlooked - IAM, remains a critical aspect of our overall security posture. ‍ ‍

The importance of security awareness It’s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization’s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course.

Australia’s Data Privacy Landscape is EVOLVING QUICKLY In February 2023, the Australian government released the results of a two-year review of the 1988 Data Privacy Act. This was followed by a response in September, authored by Attorney General Mark Dreyfus, that agreed to 38 of the 116 recommendations and a further 68 ‘in principle’.