Security News

A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email. Student Albert Pedersen reported the critical vulnerability to Cloudflare via the company's bug bounty program, and was awarded $3,000.

The botnet behind the largest HTTPS distributed denial-of-service attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience."Today, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers," Cloudflare said after investigating the incident.

Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago. In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second.

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second distributed denial-of-service attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "Powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak.

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service attack, the largest HTTPS DDoS attack detected to date. The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things devices from compromised Residential Internet Service Providers.

At 15.3 million requests-per-second, the DDoS bombardment was one of the largest that the internet infrastructure company has seen, and the largest HTTPS attack on record. Other countries generating the most traffic included Russia, Brazil, India, Colombia and the US. Cloudflare researchers didn't name the botnet but said it was one that they've been watching and had seen attacks as large as 10 million rps that matched the same fingerprint.

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second distributed denial-of-service attack. "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said.

To protect client data during the ongoing conflicts, Cloudflare has removed all customer encryption keys from data centers located in Ukraine, Russia, and Belarus, and deployed its "Keyless SSL" technology. The second measure is the addition of a forceful configuration on all servers located in Ukraine, Belarus, and Russia, to automatically brick in the case of a power loss or internet connection disruption.

Krazy Glue of the internet Cloudflare has buffed up its email security with the purchase of anti-phishing firm Area 1. Area 1 Security is all about pre-emptively tracking phishing campaigns and preventing customer mailboxes being troubled thanks to its INBOX.CLEAN product.