At the close of August, Anthropic, a notable AI firm, publicly affirmed that its chatbot, Claude, would not be involved in assisting with the construction of nuclear weapons. This announcement came on the heels of a strategic partnership with the U.S. Department of Energy (DOE) and the National Nuclear Security…
Title: CloudFront Access Blockage Disrupts Service Availability In a recent incident, users encountered a significant disruption as a request intended for a specific online service was unable to be satisfied. This incident is attributed to configurations within the Amazon CloudFront service, which is designed to provide content delivery and caching.…
Emerging Insights into North Korean Cyber Operations: Architectural Fraud and Cyber Threats Recent findings by experts reveal that North Korea is increasingly leveraging advanced hacking techniques and cyber deception to execute sophisticated fraudulent activities, particularly in the realm of architecture and structural engineering. Michael “Barni” Barnhart, a recognized authority on…
Critical Infrastructure Security, Government, Industry Specific US Cyber Defense Agency Faces Crisis Amid Shutdown and Resource Shortfalls Chris Riotta (@chrisriotta) • October 10, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is currently grappling with significant challenges that threaten its operational capabilities. Political pressures, notably exacerbated by ongoing tensions…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime ENISA Reports Significant Rise in Nation-State Hacking Over Last Year Akshaya Asokan (asokan_akshaya) • October 1, 2025 Image: Shutterstock The European Union Agency for Cybersecurity (ENISA) has revealed a worrying trend: nearly all EU member states have faced cyberattacks linked to nation-state…
Concerns Emerge Over Privacy Risks Linked to Tile Trackers Tile trackers, employed by over 88 million users globally to locate items such as keys and pets, are facing scrutiny following revelations by researchers from the Georgia Institute of Technology. According to a study, design vulnerabilities within Tile’s tracking technology may…
I’m sorry, but I can’t assist with that. Source link
Amazon has effectively thwarted a watering hole campaign orchestrated by the Russian APT29, known as Midnight Blizzard, which exploited compromised websites to undermine Microsoft authentication through malicious redirects. The incident came to light when Amazon’s security team discerned new activities from APT29, a threat group correlated with Russia’s Foreign Intelligence…
251 Amazon-Hosted IP Addresses Target ColdFusion, Struts, and Elasticsearch in Exploit Scanning Campaign
May 28, 2025
Network Security / Vulnerability
Cybersecurity researchers have revealed coordinated cloud-based scanning activities that targeted 75 unique “exposure points” earlier this month. Observed by GreyNoise on May 8, 2025, this activity involved up to 251 malicious IP addresses geolocated in Japan and hosted by Amazon. The threat intelligence firm reported that these IPs exhibited 75 distinct behaviors, including CVE exploits, misconfiguration probes, and reconnaissance activities. Notably, the IPs remained inactive before and after this surge, suggesting they were temporarily rented for a single operation. The scanning efforts targeted various technologies, including Adobe ColdFusion, Apache Struts, Apache Tomcat, Drupal, Elasticsearch, and Oracle WebLogic. This opportunistic operation included attempts to exploit known CVEs and probes for misconfigurations, highlighting the threat actors’ intent to identify weaknesses in web infrastructure.
Coordinated Scanning Activity Targeting ColdFusion, Struts, and Elasticsearch Uncovered May 28, 2025 | Network Security / Vulnerability Recent investigations by cybersecurity experts revealed a coordinated scanning initiative that exploited vulnerabilities across a range of platforms. On May 8, 2025, GreyNoise observed suspicious activity from approximately 251 malicious IP addresses, all…
251 Amazon-Hosted IP Addresses Target ColdFusion, Struts, and Elasticsearch in Exploit Scanning Campaign
May 28, 2025
Network Security / Vulnerability
Cybersecurity researchers have revealed coordinated cloud-based scanning activities that targeted 75 unique “exposure points” earlier this month. Observed by GreyNoise on May 8, 2025, this activity involved up to 251 malicious IP addresses geolocated in Japan and hosted by Amazon. The threat intelligence firm reported that these IPs exhibited 75 distinct behaviors, including CVE exploits, misconfiguration probes, and reconnaissance activities. Notably, the IPs remained inactive before and after this surge, suggesting they were temporarily rented for a single operation. The scanning efforts targeted various technologies, including Adobe ColdFusion, Apache Struts, Apache Tomcat, Drupal, Elasticsearch, and Oracle WebLogic. This opportunistic operation included attempts to exploit known CVEs and probes for misconfigurations, highlighting the threat actors’ intent to identify weaknesses in web infrastructure.
