Detecting Apache ActiveMQ Exploitation Activity (CVE-2023-46604) | Threat SnapShot

  • Published: 10 Sep 2024
  • In this Threat SnapShot, we'll take a look at recent actor activity exploiting CVE-2023-46604, which allows unauthenticated remote code execution in Apache ActiveMQ clients. ActiveMQ is a popular, cross-platform, open-source message broker for connecting distributed applications and services, and thousands of vulnerable endpoints are exposed on the Internet. Due to the trivial nature of this vulnerability, actors are widely exploiting it to deploy ransomware. We'll take a look at the vulnerability and discuss detection and threat hunting strategies you can use to keep your organization safe.
    Resources:
    - www.securitywe...
    - www.bleepingco...
    - www.trendmicro...
    - activemq.apach...
    - app.snapattack... - Collection: CVE-2023-46604
    - app.snapattack... - Threat: CVE-2023-46604 - Apache ActiveMQ Remote Code Execution
    - app.snapattack... - Threat: CVE-2023-46604 - Apache ActiveMQ Remote Code Execution (Linux)
    - app.snapattack... - Detection: Suspicious Invoke-WebRequest Execution With DirectIP
    - app.snapattack... - Detection: Shell Process Spawned by Java.EXE
    - app.snapattack... - Detection: Apache ActiveMQ Exploitation
    - app.snapattack... - Detection: Apache ActiveMQ Exploitation (Linux)
