all InfoSec news
The JetBrains TeamCity software supply chain attack: Lessons learned
Malware Analysis, News and Indicators - Latest topics malware.news
The group that perpetrated the notorious SunBurst attack on SolarWinds in 2020 is actively exploiting a vulnerability in JetBrains TeamCity continuous integration/continuous delivery (CI/CD) software, which is used by development teams to manage and automate compilation, building, testing, and releasing software.
The Cybersecurity and Infrastructure Security Agency (CISA) warned in an alert released on Dec. 13:
"If compromised, access to a TeamCity server would provide malicious actors with access to that software developer’s source code, signing certificates, and the …
agency attack building cisa continuous continuous delivery continuous integration cybersecurity delivery development development teams exploiting infrastructure infrastructure security integration jetbrains jetbrains teamcity lessons learned manage security software software supply chain software supply chain attack solarwinds sunburst supply supply chain supply chain attack teamcity teams testing vulnerability