Jessica Wight’s Post

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-prem instances of their TeamCity CI/CD server. Successful exploitation allows an unauthenticated attacker (with HTTP[S] access to a TeamCity server) to gain administrative control of the server via RCE attack — making this vulnerability a potential supply chain attack vector. 🛡 Find additional information, mitigation guidance and more in our blog: https://r-7.co/455spt5

Rancher users can deploy NeuVector through Rancher and monitor the key security metrics of each cluster through the NeuVector UI extension. This extension includes a cluster security score, ingress/egress connection risks and vulnerability risks for nodes and pods. SUSE NeuVector SUSE Rancher by SUSE

A new 0-day exploit has surfaced, which exploits connection stream optimizations in http/2. This simple flood attack has been gaining more attention recently. While there are some easy configuration fixes available, this is a reminder of the importance of staying vigilant. Always stay aware and be prepared to take action to protect yourself and your systems. #cybersecurity #hackerattacks #http2 #networksecurity

If you are interested in #Kubernetes #security, please check out the latest Runecast Solutions blog post. I've put together some basic tips on how to set up #Kubernetes workloads to minimize the impact on your cluster's #security. https://lnkd.in/de4UqGJh

Simplify SSH connection routing and security with #HAProxy. Our blog post explains the SSH ProxyCommand feature and SNI extension in detail. Read here: https://hubs.la/Q023fmdN0

𝐇𝐓𝐓𝐏/2 𝐑𝐚𝐩𝐢𝐝 𝐑𝐞𝐬𝐞𝐭 𝐢𝐬 𝐚 𝐧𝐞𝐰 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐢𝐬𝐬𝐮𝐞 𝐭𝐡𝐚𝐭 𝐦𝐚𝐲 𝐢𝐦𝐩𝐚𝐜𝐭 𝐞𝐯𝐞𝐫𝐲 𝐩𝐨𝐬𝐬𝐢𝐛𝐥𝐞 𝐬𝐨𝐟𝐭𝐰𝐚𝐫𝐞 𝐭𝐡𝐚𝐭 𝐢𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐬 𝐭𝐡𝐞 𝐇𝐓𝐓𝐏/2 𝐬𝐭𝐚𝐜𝐤 ( from curl to web servers ). It is living currently in the spec itself so it's not an implementation issue, but rather a spec issue. This is why it has been kept secret until now. What does this mean for us? 𝐔𝐩𝐝𝐚𝐭𝐞 𝐲𝐨𝐮𝐫 𝐖𝐞𝐛 𝐒𝐞𝐫𝐯𝐞𝐫𝐬 𝐀𝐒𝐀𝐏 𝐚𝐬 𝐭𝐡𝐢𝐬 𝐡𝐚𝐬 𝐛𝐞𝐞𝐧 𝐚𝐥𝐫𝐞𝐚𝐝𝐲 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐞𝐝 𝐬𝐢𝐧𝐜𝐞 𝐀𝐮𝐠𝐮𝐬𝐭 2023 by a large botnet made of 20k nodes and counting. More info on the article below. Thanks to Cloudflare as usual for the insights.

HTTP/2 Rapid Reset: a new zero-day DDoS attack method that can take down any web server running HTTP/2. Cloudflare, Google and AWS have seen attacks over 200 million RPS (with Google seeing a peak of 398 million) and have added mitigations. CVE-2023-44487 affects all web servers using HTTP/2 and needs patching urgently.

Learn more about using Vercel Functions: how to set spend caps, get near real-time usage alerts, and block bad traffic with the Firewall. https://lnkd.in/g_nm7NTn

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code #execution attacks that don't require user interaction. "We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability," JetBrains said. "If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed." Customers who cannot immediately upgrade can also use a #security patch plugin to secure servers running TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1. While the #company says that all TeamCity #Cloud servers have been patched and there is no evidence they've been attacked, it has yet to #reveal if CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers

What is Zero-Day vulnerability ?? A zero-day (0day) vulnerability refers to a security vulnerability for which no mitigation or patch is available at the time it is disclosed or made public. Among the newly discovered zero-day attacks, There are : ⭕ CVE-2023-44487 : known as Rapid Reset, in HTTP/2 protocol. The vulnerability is reportedly being actively exploited. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 7.5 out of 10. This vulnerability affects all web servers which have the HTTP/2 protocol enabled. ⭕ CVE-2023-22515 is a critical privilege escalation vulnerability affecting on-premise Atlassian Confluence Data Center and Server products. ⭕ CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers For additional information, please refer to this links: CVE-2023-42793 : https://lnkd.in/eTa_95Nb CVE-2023-22515 : https://lnkd.in/eC_6G6ah CVE-2023-44487: https://lnkd.in/ehQSHMxx. Senselearner Technologies Pvt. Ltd. #vulnerability #cve #cybersecurity