Security News

How LockBit used Citrix Bleed to breach Boeing and other targetsCVE-2023-4966, aka "Citrix Bleed", has been exploited by LockBit 3.0 affiliates to breach Boeing's parts and distribution business, and "Other trusted third parties have observed similar activity impacting their organization," cybersecurity and law enforcement officials have confirmed on Tuesday. Apache ActiveMQ bug exploited to deliver Kinsing malwareAttackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.

Attackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services by translating messages exchanged via different protocols.

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing...

The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. Kinsing malware targets Linux systems and its operator is notorious for leveraging known flaws that are often overlooked by system administrators.

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS...

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber ransomware. Both vulnerabilities are critical, allowing threat actors to create unauthorized Confluence administrator accounts and lead to data loss.

Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.

Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution on affected versions. "Apache ActiveMQ is vulnerable to remote code execution," Apache said in its advisory.

The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution flaw to breach networks and encrypt devices. Yesterday, Rapid7 reported that they had seen at least two distinct cases of threat actors exploiting CVE-2023-46604 in customer environments to deploy HelloKitty ransomware binaries and extort the targeted organizations.

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote...