Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.

Many organizations focus on addressing the risks within their internal attack surface while overlooking the potential threats created by their external digital footprint on the surface, deep and dark web. This article outlines how companies can significantly mitigate this risk by combining digital risk protection with their detection and response approach.

Managed XDR (MXDR) is a service-led security solution that uses a wide range of telemetry sources to better unify and automate incident investigation, analysis, and response. Extended Detection and Response (XDR) is the technology at the heart of MXDR. It is a security platform that unifies telemetry across multiple security layers, such as networks, endpoints, applications, email, identities, and cloud services, into a single platform.

Professionals in the cybersecurity industry have much to consider regarding the various approaches and types of tooling required to keep their organizations secure. There are significant known cybersecurity threats and a constant danger of new “zero-day” vulnerabilities. One comprehensive strategy growing in popularity for mitigating the associated risks generated by these threats and vulnerabilities is Attack Surface Management (ASM).

The Kroll CTI team observed a campaign using a new malware that appears to be very similar to BABYSHARK, previously reported to have been developed and used by the APT group Kimsuky (KTA082). The malware was deployed as part of an attempted compromise that was detected and stopped by the Kroll Responder team. The activity started with exploitation of a recently addressed authentication bypass in the remote desktop software ScreenConnect, developed by ConnectWise.

In 2022, Gartner coined the term and concept of continuous threat exposure management (CTEM) — a five-stage approach that continuously exposes an organization’s networks, systems, and assets to simulated attacks to identify vulnerabilities and weaknesses.

Kroll’s Q4 analysis shows ransomware groups increasingly gaining initial access through external remote services. The quarter presented a complex security landscape with a mix of both positive and negative trends: positively, activity associated with larger ransomware-as-a-service (RaaS) operations, like LOCKBIT and BLACKCAT, declined.