Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug
Summary:
A recent ransomware attack targeting India's National Payments Corporation (NPCI) has been linked to a flaw in Jenkins, a popular automation tool. The vulnerability, tracked as CVE-2024-23897, is in Jenkins’ Command Line Interface and enables unauthorized access to sensitive data on servers that have not been updated with the latest security patches.
The attack, which began on July 31, impacted NPCI’s payment systems through a third-party provider, C-Edge Technologies. The ransomware group RansomEXX claimed responsibility, revealing they exfiltrated 142 GB of data.
Security Officer Comments:
Juniper Networks' report underlines the crucial need for immediate patching and proper server settings to prevent such breaches. Despite prior warnings and a fix issued in January, attackers were able to exploit the vulnerability because it was widely exposed and many Jenkins servers had not been updated.
Suggested Corrections:
Experts stress the importance of maintaining robust security measures to avoid similar incidents, which can cause lasting damage to organizations' reputations and lead to financial and legal issues.
Link(s):
https://therecord.media/jenkins-vulnerability-india-npci-ransomware-attack