Security News > 2023 > November > TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day.
One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.
Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
TellYouThePass ransomware revived in Linux, Windows Log4j attacks.
News URL
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Ransomware attacks are getting smarter, harder to stop (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |