TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also being targeted in TellYouThePass ransomware attacks that exploit a critical remote code execution vulnerability previously exploited as a zero-day.
One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.
Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
TellYouThePass ransomware revived in Linux, Windows Log4j attacks.
Related news
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Casio confirms customer data stolen in a ransomware attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in multiple products. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |