The Kinsing malware operator is exploiting a critical vulnerability in the Apache ActiveMQ message broker to compromise Linux systems. This flaw, allowing remote code execution, was previously targeted by ransomware gangs such as HelloKitty and TellYouThePass. The malware targets competing Monero miners, evades detection, and adds rootkits into the Linux system configuration files to execute with every system process. System administrators are urged to upgrade Apache Active MQ to patched versions to mitigate the threat.
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some