Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability | allinfosecnews.com

Oct. 18, 2023, 4:30 p.m. | Microsoft Threat Intelligence

Microsoft Security Blog www.microsoft.com

Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat actors in the past, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.

The post Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability appeared first on Microsoft Security Blog.

attacks code code execution cve diamond diamond sleet exploiting high jet microsoft nation north north korean october onyx risk sleet state state-sponsored threat actor supply supply chain supply chain attacks teamcity threat threat actors vulnerability

More from www.microsoft.com / Microsoft Security Blog

Security above all else—expanding Microsoft’s Secure Future Initiative 1 day ago | www.microsoft.com

blog cyberthreat driving future +8

Microsoft introduces passkeys for consumer accounts 2 days, 1 hour ago | www.microsoft.com

accounts blog consumer microsoft +7

Microsoft named overall leader in KuppingerCole Leadership Compass for ITDR 2 days, 16 hours ago | www.microsoft.com

and response capabilities compass detection +22

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials 1 week, 4 days ago | www.microsoft.com

blizzard compromise credentials cve +20

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 2 weeks, 2 days ago | www.microsoft.com

access attack attackers blog +17

How Microsoft discovers and mitigates evolving attacks against AI guardrails 3 weeks, 1 day ago | www.microsoft.com

address attacks blog guardrails +8

Explore Microsoft’s AI innovations at RSA Conference 2024 4 weeks, 1 day ago | www.microsoft.com

ai innovations blog conference event +12

Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview 1 month ago | www.microsoft.com

can center comprehensive approach cybersecurity +14

Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, … 1 month, 1 week ago | www.microsoft.com

amp and response center defender +25

QA Customer Response Engineer

@ ORBCOMM | Sterling, VA Office, Sterling, VA, US

View on infosec-jobs.com

Enterprise Security Architect

@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site

View on infosec-jobs.com

DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)

@ Sierra Nevada Corporation | Dayton, OH - OH OD1

View on infosec-jobs.com

Senior Development Security Analyst (REMOTE)

@ Oracle | United States

View on infosec-jobs.com

Software Engineer - Network Security

@ Cloudflare, Inc. | Remote

View on infosec-jobs.com

Software Engineer, Cryptography Services

@ Robinhood | Toronto, ON

View on infosec-jobs.com