Kevin Beaumont on Nostr: Looked at the Apache Tomcat stuff again at lunch - one of the IPs doing mass ...
Looked at the Apache Tomcat stuff again at lunch - one of the IPs doing mass exploitation is a VPS provider - where the login traffic comes from a security vendor. Same pattern as what happened with that Apache Camel vuln.
If this continues I think I’ll evidence it and let the community judge. It really does feel like there’s sections of the security vendor industry trying to start the fire they put out. I know times are tough but please stop it.
Published at
2025-03-19 15:12:23Event JSON
{
"id": "08ab289f31a070b525499a040381496701f1fdb3ceb6b68d69c0a9fcd1e7fa4b",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1742397143,
"kind": 1,
"tags": [
[
"e",
"c839d81783156baea8991fd45769b8ca603244151531e4503785bc75ed3f66ec",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/114189739165600194",
"activitypub"
]
],
"content": "Looked at the Apache Tomcat stuff again at lunch - one of the IPs doing mass exploitation is a VPS provider - where the login traffic comes from a security vendor. Same pattern as what happened with that Apache Camel vuln. \n\nIf this continues I think I’ll evidence it and let the community judge. It really does feel like there’s sections of the security vendor industry trying to start the fire they put out. I know times are tough but please stop it.",
"sig": "409eaf87f80ff1aab29bfd6889c3e195f8cff79f05c9e865bb6d6140ac6c083da859011a5b251b36359dcb2204ee67b83d906b62e00b44ca9cd0d5dc2b0f7626"
}
