Kinsing Malware Operator Currently Exploiting Apache Vulnerability To Infect Linux Systems

The Kinsing malware operator is currently taking advantage of the critical CVE-2023-46604 vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. This vulnerability, which enables remote code execution, was addressed in a patch released in late October. According to Apache's disclosure, the flaw permits the execution of arbitrary shell commands by exploiting serialized class types in the OpenWire protocol. Despite the patch being available for some time, researchers have identified thousands of servers that remain susceptible to attacks. Ransomware groups, such as HelloKitty and TellYouThePass, have seized the opportunity to exploit these exposed systems. Read more...