Security News > 2023 > November > TellYouThePass ransomware joins Apache ActiveMQ RCE attacks

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
2023-11-06 15:34

Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day.

One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.

Arctic Wolf Labs revealed in a report published one day later that threat actors actively exploiting the CVE-2023-46604 flaw also use it for initial access in attacks targeting Linux systems and pushing TellYouThePass ransomware.

HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.

TellYouThePass ransomware revived in Linux, Windows Log4j attacks.


News URL

https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-joins-apache-activemq-rce-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in Apache Activemq
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache CWE-502
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 292 61 833 603 281 1778