Security News

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service attack recorded to date. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second, making it three times bigger than previously reported HTTP DDoS attacks.

Cloudflare announced Project Pangea, a new initiative to improve internet access for underserved communities around the world. This allows Cloudflare to offer a secure, affordable way to expand access to the internet that can grow with, and contribute to, the sustainability of these networks, as well as be ready for any new networks that launch.

Cloudflare announced that it is now listed in the FedRAMP marketplace, the federal government's rigorous cloud security assessment program. Reaching this final step before full FedRAMP authorization will allow more federal agencies to adopt Cloudflare's performance, security and zero trust solutions as part of their efforts to build a more secure and resilient infrastructure for the future.

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. The vulnerability exploits comprised publishing packages to Cloudflare's CDNJS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. The vulnerability exploits comprised publishing packages to Cloudflare's CDNJS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.

Cloudflare, the security, performance, and reliability company, announced new integrations with Microsoft Azure Sentinel, Splunk, Datadog, and Sumo Logic to make it easier for businesses to connect and analyze key insights across their infrastructure. Now, businesses will be able to funnel security insights from Cloudflare directly into their preferred analytics platform to easily analyze in the context of their entire technology stack - without the cost or complexity of building custom integrations.

Cloudflare research engineer Thibault Meunier assumed that the average internet user sees a CAPTCHA once ever ten days and multiplied that by world's 4.6 billion internet users and Cloudflare's 32-second CAPTCHA-completion estimate to assert that humanity collectively spends 500 years every day completing CAPTCHAs. Cloudflare will initially support three - YubiKeys, HyperFIDO keys; and Thetis FIDO U2F. "Completing this flow takes five seconds," Meunier asserts in a post on Cloudflare's blog.

Cloudflare announced the appointment of Jonathon Dixon as Vice President and General Manager, Asia Pacific, bringing with him more than 20 years of enterprise leadership experience in the IT industry, working for companies including IBM, Cisco and Amazon Web Services. Today, Cloudflare's global network spans more than 200 cities in more than 100 countries, including 44 cities across Asia Pacific.

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. A typical cyberattack is introducing malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information.