Security News > 2023 > November > TellYouThePass ransomware joins Apache ActiveMQ RCE attacks

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
2023-11-06 15:34

Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day.

One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.

Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.

HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.

TellYouThePass ransomware revived in Linux, Windows Log4j attacks.


News URL

https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-joins-apache-activemq-rce-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46604 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642