Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

January 21, 2024 at 11:03PM

Cybersecurity researchers have observed an increase in threat actor activity exploiting a vulnerability in Apache ActiveMQ by delivering the Godzilla web shell. The web shells are concealed within an unknown binary format to evade security measures. This vulnerability has been actively exploited to deploy ransomware, rootkits, cryptocurrency miners, and DDoS …

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

November 21, 2023 at 05:12AM

Kinsing threat actors are using a critical security flaw in Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. The malware deploys a cryptocurrency mining script that utilizes the host’s resources, causing damage to infrastructure and system performance. The group adapts to new vulnerabilities and targets misconfigured …

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

November 16, 2023 at 05:50PM

A new proof-of-concept (PoC) exploit for a critical security vulnerability in Apache ActiveMQ allows threat actors to achieve remote code execution (RCE) on vulnerable servers. Despite a patch being available, numerous organizations remain exposed, with the HelloKitty ransomware gang taking advantage. Researchers at VulnCheck have developed a more sophisticated exploit …

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

November 15, 2023 at 09:45AM

A critical security flaw in Apache ActiveMQ, tracked as CVE-2023-46604, allows threat actors to execute arbitrary code in memory. The flaw has been exploited by ransomware groups, deploying ransomware like HelloKitty and a strain similar to TellYouThePass, as well as a remote access trojan called SparkRAT. The attacks rely on …

Apache ActiveMQ Vulnerability Exploited as Zero-Day

November 4, 2023 at 12:30PM

An Apache ActiveMQ vulnerability, CVE-2023-46604, was exploited maliciously prior to patch releases, according to Huntress. Thousands of vulnerable internet-exposed instances are still at risk. Evidence suggests the exploitation began as a zero-day on October 10, with attackers attempting to deliver HelloKitty ransomware. Users are urged to update ActiveMQ to versions …

Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

November 2, 2023 at 05:17PM

More than 3,000 Apache ActiveMQ Servers are at risk of a critical remote code execution vulnerability. An attacker has already started targeting the vulnerability to deploy ransomware. The flaw allows remote attackers to execute arbitrary commands on affected systems. Proof-of-concept exploit code and details of the vulnerability are publicly available, …

Critical Apache ActiveMQ flaw under attack by ‘clumsy’ ransomware crims

November 2, 2023 at 01:20PM

Ransomware criminals are exploiting a severe vulnerability in Apache ActiveMQ, allowing for remote code execution. The developers released fixes for the affected versions, but many services remain unpatched, with China having the highest number of vulnerable services. The attacks are attributed to the HelloKitty ransomware family, known for targeting smaller …

HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks

November 2, 2023 at 12:23PM

HelloKitty ransomware is exploiting a critical Apache ActiveMQ flaw to breach networks and encrypt devices. The flaw allows attackers to execute arbitrary shell commands. Despite a security update being released, there are still thousands of internet-exposed servers using a vulnerable version. Rapid7 reported instances of threat actors exploiting the flaw …

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

November 2, 2023 at 05:30AM

Researchers have identified a critical security flaw in the Apache ActiveMQ message broker service that could allow remote code execution. The flaw has been exploited to deploy HelloKitty ransomware on target systems. The vulnerability has a severity score of 10.0 and has been addressed in the latest ActiveMQ versions. Users …

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

November 1, 2023 at 02:11PM

Over 3,000 internet-exposed Apache ActiveMQ servers are vulnerable to a critical newly disclosed remote code execution (RCE) vulnerability, known as CVE-2023-46604. Exploiting this flaw allows attackers to execute arbitrary shell commands. The vulnerability affects various versions of ActiveMQ, but patches have been released to address the issue. Researchers have found …