Security News
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets.
Cloudflare has made its 'Cloudflare One Zero Trust' security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project. Today, Cloudflare announced that they are enhancing both of these offerings by providing free access to its Cloudflare One Zero Trust security product.
Cloudflare announced today that they are raising prices for their Pro and Business plans for the first time since they launched in 2017. The initial plans included a free plan with limited functionality and a Pro plan for $20/month with additional features.
Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. "Packets crossing the China border often experience reachability, congestion, loss, and latency challenges on their way to an origin server outside of China."
Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP flood packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.
Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies. Starting today all websites and APIs served through Cloudflare support post-quantum TLS based on the Kyber hybrid key agreement.
Cloudflare shows flair with new products for mobile and IoT security. Cloudflare holds the view that while corporate organizations have made moves to deploy zero-trust security solutions at the software level of their desktops, mobile devices have not received similar attention.
Excessive and indiscriminate blocking is underway in Austria, with internet service providers complying with a court order to block pirate sites, causing significant collateral damage. The legal case was launched by the copyright organization "LSG - Wahrnehmung von Leistungsschutzrechten GesmbH", which convinced an Austrian court to block 14 websites for copyright law violations.
Criminals behind the cyberattack attempts on Twilio and Cloudflare earlier this month had cast a much wider net in their phishing expedition, targeting as many as 135 organizations - primarily IT, software development and cloud services providers based in the US. The gang went after the employees of Okta customers, sending victims text messages with malicious links to sites spoofing their company's authentication page to harvest their work login credentials and multi-factor authentication codes. In research published Thursday, the threat intel team revealed the Oktapus phishing trip, which began in March, snaffled 9,931 user credentials and 5,441 multi-factor authentication codes.