Security News

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. The October Okta security breach involved more than 130 customers of that IT access management biz, in which snoops swiped data from Okta in hope of drilling further into those organizations.

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system."They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system, and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil," Cloudflare said.

Update November 09, 17:19 EST: A threat group known as Anonymous Sudan claimed that they were the ones who took down Cloudflare's website in a distributed denial-of-service attack. Cloudflare confirmed that the outage resulted from a DDoS attack that only affected the www.

"Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website. The message on Cloudflare's website also contains a Google logo with a font face that doesn't match the current design and looks "a little off," as Cloudflare's Head of Organic Social Ryan Knight said.

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose functionality is wholly or partially impacted includes the Cloudflare dashboard, the Cloudflare API, Logpush, WARP / Zero Trust device posture, Stream API, Workers API, and the Alert Notification System.

Cloudflare says the number of hyper-volumetric HTTP DDoS attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter. A Cloudflare report shared with BleepingComputer reveals that, during Q3 2023, the internet company mitigated thousands of hyper volumetric HTTP DDoS attacks.

Find out what security teams should do now, and hear what Cloudflare's CEO has to say about this DDoS. Google, AWS and Cloudflare have reported the exploitation of a zero-day vulnerability named HTTP/2 Rapid Reset and tracked as CVE-2023-44487, which is currently used in the wild to run the largest Distributed Denial of Service attack campaigns ever seen. The HTTP/2 Rapid Reset attack works by leveraging HTTP/2's stream cancellation feature: The attacker sends a request and cancels it immediately.

Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of...

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. Specifically, the analyst identified two vulnerabilities in the system impacting Cloudflare's "Authenticated Origin Pulls" and "Allowlist Cloudflare IP Addresses."

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.