Security News

This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service attack to date. "The majority of attacks peaked in the ballpark of 50-70 million requests per second with the largest exceeding 71 million rps," Cloudflare's Omer Yoachimik, Julien Desgats, and Alex Forster said.

In yet another campaign targeting the Python Package Index repository, six malicious packages have been found deploying information stealers on developer systems. The malicious code, as is increasingly the case, is concealed in the setup script of these libraries, meaning running a "Pip install" command is enough to activate the malware deployment process.

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets.

Cloudflare has made its 'Cloudflare One Zero Trust' security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project. Today, Cloudflare announced that they are enhancing both of these offerings by providing free access to its Cloudflare One Zero Trust security product.

Cloudflare announced today that they are raising prices for their Pro and Business plans for the first time since they launched in 2017. The initial plans included a free plan with limited functionality and a Pro plan for $20/month with additional features.

Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. "Packets crossing the China border often experience reachability, congestion, loss, and latency challenges on their way to an origin server outside of China."

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP floods packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.

Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies. Starting today all websites and APIs served through Cloudflare support post-quantum TLS based on the Kyber hybrid key agreement.

Cloudflare shows flair with new products for mobile and IoT security. Cloudflare holds the view that while corporate organizations have made moves to deploy zero-trust security solutions at the software level of their desktops, mobile devices have not received similar attention.

Excessive and indiscriminate blocking is underway in Austria, with internet service providers complying to a court order to block pirate sites causing significant collateral damage. The legal case was launched by the copyright organization "LSG - Wahrnehmung von Leistungsschutzrechten GesmbH", which convinced an Austrian court to block 14 websites for copyright law violations.