התחל במצב לא מקוון עם האפליקציה Player FM !
פודקאסטים ששווה להאזין
בחסות


1 Ep 563: ChatGPT's New Custom GPT's: Advanced techniques to win back time 46:52
Tomcat Manager Attacks: 400 IPs in Coordinated Brute-Force Attack
Manage episode 488236924 series 3645080
On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many traced back to DigitalOcean infrastructure, were involved in a widespread and opportunistic campaign. In this episode, we dissect the attack pattern, what makes Apache Tomcat a recurring target, and why this surge should be treated as an early warning signal—not just random noise.
We go deep into the authentication and configuration weaknesses that attackers exploit and walk through concrete hardening steps every Tomcat admin should implement—starting with strong password hashing (like Argon2id), multi-factor authentication, and locking down management interfaces. We also highlight specific Tomcat security configurations—from Realms and RemoteAddrValve tuning to disabling TRACE, SSLv3, and limiting directory listings.
The discussion also covers essential logging and incident response measures, such as setting up AccessLogValve, conducting regular log analysis, enabling secure session management, and building a living incident response plan. Whether you’re running a public-facing Tomcat server or managing multiple internal environments, this episode offers a focused breakdown of proactive defense strategies to secure against both opportunistic and targeted threats.
Tune in to learn how to defend your systems before they become someone else’s reconnaissance experiment.
205 פרקים
Manage episode 488236924 series 3645080
On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many traced back to DigitalOcean infrastructure, were involved in a widespread and opportunistic campaign. In this episode, we dissect the attack pattern, what makes Apache Tomcat a recurring target, and why this surge should be treated as an early warning signal—not just random noise.
We go deep into the authentication and configuration weaknesses that attackers exploit and walk through concrete hardening steps every Tomcat admin should implement—starting with strong password hashing (like Argon2id), multi-factor authentication, and locking down management interfaces. We also highlight specific Tomcat security configurations—from Realms and RemoteAddrValve tuning to disabling TRACE, SSLv3, and limiting directory listings.
The discussion also covers essential logging and incident response measures, such as setting up AccessLogValve, conducting regular log analysis, enabling secure session management, and building a living incident response plan. Whether you’re running a public-facing Tomcat server or managing multiple internal environments, this episode offers a focused breakdown of proactive defense strategies to secure against both opportunistic and targeted threats.
Tune in to learn how to defend your systems before they become someone else’s reconnaissance experiment.
205 פרקים
All episodes
×
1 TikTok, China, and the EU: The Battle Over Data Sovereignty 58:06

1 Booz Allen Invests in Corsha: Defending Machine-to-Machine Communication at Scale 33:00

1 WSUS Meltdown: Global Sync Failures and the Shift Toward Cloud Patch Management 27:45

1 Cracking eSIM: Exposing the Hidden Threats in Next-Gen Mobile Security 16:43

1 Qantas Breach and Beyond: Cybersecurity Risks in Australia’s Digital Supply Chains 1:03:23

1 Taiwan Sounds the Alarm: TikTok, WeChat, and the Chinese Data Threat 1:06:28

1 The Evolution of Atomic macOS Stealer: Backdoors, Keyloggers, and Persistent Threats 45:00

1 CitrixBleed Returns: CVE-2025-5777 and the Exploitation of NetScaler Devices 1:02:21

1 SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk 1:02:01

1 106GB Exposed? Telefónica, HellCat, and the Silent Data Breach 50:33

1 Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout 59:56

1 The Illusion of Shutdowns: What Hunters International's Closure Really Means 42:41

1 CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late 40:49

1 ANSSI vs. Houken: France Battles Advanced Chinese Hacking Threat 33:16

1 Psychological Manipulation and AI Fraud: How Spain Exposed a $12M Scam 17:21

1 CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security 41:32

1 macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains 43:09

1 Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks 56:02

1 Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites 50:32

1 Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis 1:08:04

1 FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks 46:04

1 Sophisticated Cyberattack on the International Criminal Court: Justice in the Crosshairs 19:37

1 Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security 43:40

1 Qantas Data Breach: Third-Party Hack Exposes Millions of Frequent Flyers 24:36

1 Berlin Regulator Targets DeepSeek AI Over Data Transfers to China 43:41

1 CISA Flags Citrix NetScaler Flaws: What CVE-2025-6543 Means for Federal and Private Networks 56:41

1 Cato Networks Secures $359M to Fuel AI-Powered SASE Expansion 17:12

1 Chrome’s Latest Zero-Day: CVE-2025-6554 and Remote Code Execution Risks 54:24

1 Russia’s 16KB Curtain: Cloudflare Throttling and the Future of the RuNet 1:45:31

1 Ahold Delhaize Data Breach: 2.2 Million Employee Records Exposed 37:44
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.