Two stories this episode: a cyberattack on Fulton County, Georgia knocked out power, courts, tax processing, and phone services for the entire county government, while a critical Jenkins vulnerability (CVE-2024-23897) left 45,000 internet-exposed instances open to arbitrary file read and potential remote code execution after proof-of-concept exploit code went public.
Stories Covered
Cyberattack on Fulton County, Georgia Takes Down Courts, Tax Systems, and Phone Service
Fulton County, Georgia — home to Atlanta and one of the most populous counties in the southeastern United States — suffered a cyberattack in late January 2024 that knocked out county government infrastructure across multiple critical functions. Court filings, tax processing, the court system website, and county phone and internet service all went offline. Power outages compounded the disruption. County commissioner Rob Pitts stated that preliminary investigation did not indicate any transfer of sensitive citizen or employee data, but acknowledged the breach had caused significant operational disruption with no firm timeline for restoration. The incident was still developing at air time and no threat actor had been identified. The impact illustrated the cascading effect of a single breach on a government entity that provides interconnected services: when court systems, communications infrastructure, and tax processing all run through shared network infrastructure, a single point of compromise can halt the entire operation simultaneously.
Local and county governments are among the most chronically under-resourced targets in the threat landscape. The attack surface is large — court systems, utilities, emergency services, tax administration, and permit processing all require network connectivity and increasingly run on internet-facing infrastructure — while the cybersecurity budget and staffing at most county governments is a fraction of what comparably scaled private organizations maintain. The result is that a county government is simultaneously a high-value target (access to citizen records, legal proceedings, financial data) and a soft target (older systems, deferred patching, limited incident response capability). When a nation-state or sophisticated ransomware operation targets county infrastructure, it is effectively pitting the resources of an entire government or criminal enterprise against an entity whose IT department may consist of a handful of people. The Fulton County attack follows a broader pattern of critical infrastructure intrusions: water treatment plants, power infrastructure, pipeline operators, and government systems have all seen targeted intrusions in recent years. The consistent thread is that internet connectivity has been extended to infrastructure that was not designed with internet-scale threat models in mind, without proportionate investment in the defenses that connectivity requires.
Jenkins CVE-2024-23897: 45,000 Unpatched Servers Exposed to File Read and Potential RCE
Jenkins — the widely used open-source CI/CD automation platform — disclosed CVE-2024-23897 on January 24, 2024, a critical arbitrary file read vulnerability in the Jenkins built-in command line interface (CLI). The flaw allows an unauthenticated or low-privileged attacker to read arbitrary files from the Jenkins server filesystem, including credential files, secrets, and signing keys that the Jenkins process has access to. Depending on configuration, the vulnerability can be chained into remote code execution: if an attacker can also upload a file to the server (through any available mechanism) and then trigger execution via the read path, they can achieve RCE. The Jenkins security team released a patched version on the same day as disclosure and advised that organizations unable to patch immediately should disable the Jenkins CLI as a workaround.
By January 29th — five days after the patch release — the nonprofit threat monitoring organization Shadow Server reported approximately 45,000 internet-exposed Jenkins instances still running the unpatched version, with nearly 12,000 of those located in the United States. China had a comparable number of exposed systems. Proof-of-concept exploit code had already been published publicly, meaning any attacker with basic capability could target the 45,000 unpatched systems without needing to independently develop an exploit. Jenkins is used heavily in software development pipelines across enterprise, government, and startup environments — a compromised Jenkins server typically has access to source code repositories, build artifacts, deployment credentials, cloud provider keys, and production signing certificates. An arbitrary file read on a Jenkins instance is therefore not just a server compromise; it is a potential stepping stone into the entire software supply chain that Jenkins serves. Patch immediately, or disable the CLI as an interim measure until patching is possible.
Leave a Reply