CISA adds critical Apache RocketMQ flaw to KEV catalog

Attacks exploiting a critical Apache RocketMQ flaw, tracked as CVE-2023-33246, to deploy the DreamBus botnet and a Monero miner have prompted the Cybersecurity and Infrastructure Security Agency to add the bug to its Known Exploited Vulnerabilities catalog, according to BleepingComputer. Various threat actors could target vulnerable RocketMQ distributed messaging and streaming systems to deliver different payloads, said CISA, which noted that the flaw is exploited by using the platform's update configuration functionality to execute commands as the system user.

Source: SC Magazine

 

