MSSP Alert has not independently confirmed The New York Times report. His staff have found no evidence of a breach of JetBrains or of a vulnerability in TeamCity, a tool that helps developers integrate. The New York Times on Wednesday reported that investigators are examining whether a breach at another software provider JetBrains may have precipitated the attack on SolarWinds. They are seeking to learn if it was a parallel way for Russia’s main intelligence agency to enter government and private systems, or whether it was the original avenue for Russian operatives to first infiltrate SolarWinds. Still, government officials are not certain how the compromise of the JetBrains software relates to the larger SolarWinds hacking.JetBrains said on Wednesday that it was not aware of being under investigation nor was it aware of any compromise.Officials are investigating whether JetBrains, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of technology companies. The New York Times has published a story in which they point to JetBrains being under investigation and somehow related to the SolarWinds breach that recently took place.It’s important to stress that TeamCity is a complex product that requires proper configuration. Shafirov has confirmed that SolarWinds is a customer. SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. According to reports, the JetBrains product possibly abused by the SolarWinds hackers is TeamCity, a continuous integration and development system. American intelligence agencies and cybersecurity investigators are examining the role of JetBrains in Russian hacking of federal agencies. JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several.And yes, SolarWinds apparently is a JetBrains customer.Īccording to a detailed New York Times report about the alleged JetBrains TeamCity breach: SolarWinds, like many companies, uses a product by JetBrains called TeamCity to assist with the development of its software. However, at this point, as also supported by the statements of the SolarWinds own spokesperson, there is no evidence that TeamCity had any role in this. The answer, according to a new report, may involve JetBrains TeamCity, a DevOps tool that’s widely used by nearly 80 percent of the Fortune 100. SolarWinds uses TeamCity amongst other tools during the build process. Allows installing GitHub webhooks for GitHub repositories used by TeamCity VCS roots. SolarWinds is one of JetBrains customers, which also include Google, P&G and Citibank, according to the JetBrains website. government agencies and businesses like Microsoft? Allows configuring and running SonarQube analysis on the TeamCity server. How did Russia allegedly hack SolarWinds Orion and then use that breach to apparently infiltrate some U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |