Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims

Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution (RCE) on affected versions. "Apache ActiveMQ is vulnerable to …

  1. ChoHag Silver badge
    Coat

    Shall we call them Script Kitties?

  2. Androgynous Cupboard Silver badge

    Oh dear, let me guess: Apache are using Java Serialization, then sending the serialized data over the wire?

    Java Coders of the world, listen to me! Java Serialization is not a wire format! It's insecure, hard to debug, Java-specific and not portable over time (change your class signature, and it will no longer deserialize). Use CBOR or something you can actually inspect.

    1. Sykowasp

      No, they don't, but OpenWire might.

      Note that by the time you are in "a remote attacker with network access to a broker" type situation, you have bigger problems anyway.

      But users of classic ActiveMQ have had years and years to move onto ActiveMQ Artemis.

  3. An_Old_Dog Silver badge

    Clumsiness != Ineffectiveness

    It doesn't matter how amateurish or clumsy an attacker is. If they manage to copy and/or encrypt your data, they have succeeded, and you have lost. Attacker: "Username = user; Password = letmein123 didn't work. OK, I'll try, Username = user; Password = letmein1234 ..."
