Over 3,000 internet-connected Apache ActiveMQ servers are exposed to a critical remote code execution vulnerability, tracked as CVE-2023-46604. The vulnerability has been actively exploited to deliver ransomware. To avoid these attacks, the Apache Software Foundation has recommended that organizations update to the latest fixed version of the software. ActiveMQ is the most commonly used open-source, multi-protocol, Java-based message broker, with around 13,120 companies using the system, according to Enlyft.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.