Security News

Cloudflare launches a paid public bug bounty program
2022-02-01 20:56

Cloudflare, an American company focused on web infrastructure and website security, has announced the launch of a new public bug bounty program. "Today we are launching Cloudflare's paid public bug bounty program," said Rushil Shah, a Product Security Engineer at Cloudflare.

Cloudflare is experiencing widespread latency and timeouts
2021-12-16 20:46

Cloudflare is experiencing "wide-spread" latency issues with its network and services, causing websites to load slowly and customers to experience performance issues accessing the customer dashboard. The issues started at around 3 PM EST and affect sites worldwide, including BleepingComputer.

Resistance is ... cheap? Cloudflare, Mandiant, and pals form incident response 'n' cyber insurance borg
2021-12-09 14:32

Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "have increased upwards of 50 per cent," with price hikes mainly hitting "the small and medium enterprises that find themselves as the common target for these cyber attacks."

Cloudflare mitigated one of the largest DDoS attacks involving 17.2 million rps
2021-08-20 09:02

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service attack recorded to date. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second, making it three times bigger than previously reported HTTP DDoS attacks.

Cloudflare’s Project Pangea helps underserved communities expand access to the internet for free
2021-07-27 22:45

Cloudflare announced Project Pangea, a new initiative to improve internet access for underserved communities around the world. This allows Cloudflare to offer a secure, affordable way to expand access to the internet that can grow with, and contribute to, the sustainability of these networks, as well as be ready for any new networks that launch.

Cloudflare reaches final step before full FedRAMP authorization
2021-07-21 22:05

Cloudflare announced that it is now listed in the FedRAMP marketplace, the federal government's rigorous cloud security assessment program. Reaching this final step before full FedRAMP authorization will allow more federal agencies to adopt Cloudflare's performance, security and zero trust solutions as part of their efforts to build a more secure and resilient infrastructure for the future.

Cloudflare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks
2021-07-18 22:58

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.

Critical Cloudflare CDN flaw allowed compromise of 12% of all sites
2021-07-16 10:29

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. Exploiting the vulnerability involved publishing packages to Cloudflare's CDNJS using GitHub and npm to trigger a path traversal vulnerability and, eventually, remote code execution.

Cloudflare fixes CDN code execution bug affecting 12.7% of all sites
2021-07-16 10:29

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. Exploiting the vulnerability involved publishing packages to Cloudflare's CDNJS using GitHub and npm to trigger a path traversal vulnerability and, eventually, remote code execution.