In this Threat SnapShot, we'll take a look at recent actor activity exploiting CVE-2023-46604, which allows unauthenticated remote code execution in Apache ActiveMQ clients. ActiveMQ is a popular, cross-platform, open-source message broker for connecting distributed applications and services, and thousands of vulnerable endpoints are exposed on the Internet. Because this vulnerability is trivial to exploit, actors are widely exploiting it to deploy ransomware. We'll take a look at the vulnerability and discuss detection and threat hunting strategies you can use to keep your organization safe.
Resources:
- [ Link ] - Collection: CVE-2023-46604
- [ Link ] - Threat: CVE-2023-46604 - Apache ActiveMQ Remote Code Execution
- [ Link ] - Threat: CVE-2023-46604 - Apache ActiveMQ Remote Code Execution (Linux)
- [ Link ] - Detection: Suspicious Invoke-WebRequest Execution With DirectIP
- [ Link ] - Detection: Shell Process Spawned by Java.EXE
- [ Link ] - Detection: Apache ActiveMQ Exploitation
- [ Link ] - Detection: Apache ActiveMQ Exploitation (Linux)