Security News
Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. "Packets crossing the China border often experience reachability, congestion, loss, and latency challenges on their way to an origin server outside of China."
Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP floods packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.
Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies. Starting today all websites and APIs served through Cloudflare support post-quantum TLS based on the Kyber hybrid key agreement.
Cloudflare shows flair with new products for mobile and IoT security. Cloudflare holds the view that while corporate organizations have made moves to deploy zero-trust security solutions at the software level of their desktops, mobile devices have not received similar attention.
Excessive and indiscriminate blocking is underway in Austria, with internet service providers complying to a court order to block pirate sites causing significant collateral damage. The legal case was launched by the copyright organization "LSG - Wahrnehmung von Leistungsschutzrechten GesmbH", which convinced an Austrian court to block 14 websites for copyright law violations.
Excessive and indiscriminate blocking is underway in Austria, with internet service providers complying to a court order to block pirate sites causing significant collateral damage. The legal case was launched by the copyright organization "LSG - Wahrnehmung von Leistungsschutzrechten GesmbH", which convinced an Austrian court to block 14 websites for copyright law violations.
Criminals behind the cyberattack attempts on Twilio and Cloudflare earlier this month had cast a much wider net in their phishing expedition, targeting as many as 135 organizations - primarily IT, software development and cloud services providers based in the US. The gang went after the employees of Okta customers, sending victims text messages with malicious links to sites spoofing their company's authentication page to harvest their work login credentials and multi-factor authentication codes. In research published Thursday, the threat intel team revealed the Oktapus phishing trip, which began in March, snaffled 9,931 user credentials and 5,441 multi-factor authentication codes.
Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in 9,931 accounts of over 130 organizations being compromised. Group-IB Threat Intelligence team uncovered and analyzed the attackers' phishing infrastructure, including phishing domains, the phishing kit as well as the Telegram channel controlled by the threat actors to drop compromised information.
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "Obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations."
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.DDoS protection screens are commonplace on the internet, protecting sites from bots that ping them with bogus requests, aiming to overwhelm them with garbage traffic.