Security News > 2023 > November > Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Kinsing malware targets Linux systems and its operator is notorious for leveraging known flaws that are often overlooked by system administrators.
"Currently, there are existing public exploits that leverage the ProcessBuilder method to execute commands on affected systems," the researchers explain.
"In the context of Kinsing, CVE-2023-46604 is exploited to download and execute Kinsing cryptocurrency miners and malware on a vulnerable system" - Trend Micro.
To mitigate the threat, system administrators are recommended to upgrade Apache Active MQ to versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which address the security issue.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
News URL
Related news
- Malware exploits 5-year-old zero-day to infect end-of-life IP cameras (source)
- Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in multiple products The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |