You Bought the Camera, Forgot the Password — Hackers Didn’t
While admins focus on routine tasks, invisible guests are already exploring the interfaces.
While admins focus on routine tasks, invisible guests are already exploring the interfaces.
Target: Apache Tomcat Manager
On June 5, 2025, cybersecurity firm GreyNoise reported a dramatic surge in brute-force attacks on Apache Tomcat Manager interfaces. Researchers observed a widespread campaign attempting to identify and compromise exposed Tomcat services.
- 295 unique IPs were recorded conducting brute-force attacks in a single day — all deemed malicious.
- Within the past 24 hours, 188 IPs remained active, primarily from the US, UK, Germany, the Netherlands, and Singapore.
Simultaneously, 298 IPs attempted to log into Tomcat Manager panels, with 246 showing activity within the same day. All were flagged as harmful, with geographical origins consistent with previous incidents.
Other impacted countries include Spain, India, and Brazil, while a significant volume of the malicious traffic came from servers hosted on DigitalOcean (ASN 14061).
Although no specific vulnerability was exploited, the aggressive credential stuffing indicates a growing interest in publicly exposed Tomcat systems — often a precursor to targeted attacks.
GreyNoise advises admins:
- Lock down Tomcat Manager interfaces behind strong authentication.
- Monitor logs and unusual login attempts.
- Remove or restrict public access whenever possible.
Open Cameras, Open Risks
Meanwhile, a separate report by Bitsight revealed 40,000+ internet-exposed IP cameras streaming unprotected video via HTTP or RTSP, accessible to anyone online.
Top countries with exposed cameras:
- United States
- Japan
- Austria
- Czech Republic
- South Korea
By industry, telecommunications account for 79% of these installations, followed by:
- Tech (6%)
- Media (4.1%)
- Energy (2.5%)
- Education (2.2%)
- Business services (2.2%)
- Government (1.2%)
The cameras are deployed in homes, offices, vehicles, and industrial sites, often unintentionally broadcasting sensitive or critical information that could be used for espionage, harassment, or blackmail.
Key recommendations:
- Change default credentials immediately.
- Disable remote access or restrict it via VPNs and firewalls.
- Regularly update firmware to patch security flaws.
Security Researcher João Cruz commented that one of the biggest risks is ease of use:
Bottom Line
Whether it's a forgotten password on a Tomcat server or an unprotected security camera in your home — convenience often comes at the cost of control. In a world where search engines index vulnerabilities and hackers automate reconnaissance, anything left exposed will eventually be exploited.
