Security News > 2023 > November > TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also being targeted in TellYouThePass ransomware attacks that exploit a critical remote code execution vulnerability previously exploited as a zero-day.
One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.
Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
TellYouThePass ransomware revived in Linux, Windows Log4j attacks.
Related news
- U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks (source)
- Ransomware crisis deepens as attacks and payouts rise (source)
- Ransomware attacks escalate as critical sectors struggle to keep up (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- 83% of organizations experienced at least one ransomware attack in the last year (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in multiple products. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |