TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also being targeted in TellYouThePass ransomware attacks that exploit a critical remote code execution vulnerability previously exploited as a zero-day.
One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.
Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.
TellYouThePass ransomware revived in Linux, Windows Log4j attacks.
- 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (source)
- HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (source)
- Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims (source)
- GNOME Linux systems exposed to RCE attacks via file downloads (source)
- ALPHV ransomware gang claims attack on Florida circuit court (source)
- libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (source)
- Ransomware attacks register record speeds thanks to success of infosec industry (source)
- GNOME users at risk of RCE attack (CVE-2023-43641) (source)
- Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack (source)
- Ransomware attacks now target unpatched WS_FTP servers (source)
| 2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in Apache ActiveMQ. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |