Security News

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. The vulnerability exploits comprised publishing packages to Cloudflare's CDNJS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. The vulnerability exploits comprised publishing packages to Cloudflare's CDNJS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.

Cloudflare, the security, performance, and reliability company, announced new integrations with Microsoft Azure Sentinel, Splunk, Datadog, and Sumo Logic to make it easier for businesses to connect and analyze key insights across their infrastructure. Now, businesses will be able to funnel security insights from Cloudflare directly into their preferred analytics platform to easily analyze in the context of their entire technology stack - without the cost or complexity of building custom integrations.

Cloudflare research engineer Thibault Meunier assumed that the average internet user sees a CAPTCHA once ever ten days and multiplied that by world's 4.6 billion internet users and Cloudflare's 32-second CAPTCHA-completion estimate to assert that humanity collectively spends 500 years every day completing CAPTCHAs. Cloudflare will initially support three - YubiKeys, HyperFIDO keys; and Thetis FIDO U2F. "Completing this flow takes five seconds," Meunier asserts in a post on Cloudflare's blog.

Cloudflare announced the appointment of Jonathon Dixon as Vice President and General Manager, Asia Pacific, bringing with him more than 20 years of enterprise leadership experience in the IT industry, working for companies including IBM, Cisco and Amazon Web Services. Today, Cloudflare's global network spans more than 200 cities in more than 100 countries, including 44 cities across Asia Pacific.

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. A typical cyberattack is introducing malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information.

Cloudflare announced Cloudflare Data Loss Prevention, a network-wide data loss prevention solution that protects all traffic routed through Cloudflare's global network from data loss and help businesses protect all of their information. Cloudflare DLP will sit between the corporate network and any applications employees use, to provide a layer of protection and control over all data entering or leaving the network.

Cloudflare launched Cloudflare Browser Isolation, a new zero trust service to make everyday web browsing safer and faster for all businesses, regardless of where their employees are. As businesses rely on employees working directly in browsers, Cloudflare Browser Isolation keeps them safe by creating a gap between end-user devices and potential threats.

In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX. Cloudflare Monday introduced Magic WAN with Magic Firewall as well as new strategic partnerships with network hardware and data center providers as part of Cloudflare One, its cloud-based network-as-a-service offering released in October 2020. Magic WAN connects any source of data traffic-data centers, offices, devices, cloud apps, etc.