‘LockBit of phishing’ EvilProxy used in more than a million attacks every month

July 30, 2024 at 10:37AM EvilProxy, a phishing kit known as the “LockBit of phishing,” is being used to launch attacks using legitimate Cloudflare services to disguise malicious traffic. Criminals are offered customer support, videos, and guides to launch campaigns and disguise their activity. Notable threat actors, TA4903 and TA577, have adopted EvilProxy for their …

Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity

June 28, 2024 at 05:48AM The polyfill.io domain was suspended due to reports of malicious activity, with the Chinese owner claiming defamation. The domain was used to host polyfills, but reports of potential supply chain risks surfaced. Industry players like Google and Cloudflare took action, redirecting links and warning users. Funnull, the Chinese content delivery …

Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL …

FlyingYeti phishing crew grounded after abominable Ukraine attacks

May 31, 2024 at 02:38AM Cloudflare’s threat intel team thwarted a month-long phishing and espionage attack targeting Ukraine, attributed to Russia-aligned group FlyingYeti. The attack targeted financially strained citizens after a government moratorium on evictions and utility disconnections ended. Cloudforce One stopped the threat, but the target base might have been vast. FlyingYeti intended to …

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine

May 30, 2024 at 01:27PM Cloudflare disrupted a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign used debt-themed lures to distribute the PowerShell malware COOKBOX. Cloudforce One identified the campaign in mid-April 2024, involving Cloudflare Workers and GitHub, and exploiting a WinRAR vulnerability. Another financially motivated group, UAC-0006, was also identified by …

Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero

May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN …

ASEAN organizations dealing with growing cyber menace

May 12, 2024 at 10:55PM Security experts warn of increasing cyber threats in the Asia Pacific, with 78% of cybersecurity professionals in the region reporting incidents in the past year. Cloudflare advocates for a centralized approach to security, offering its Everywhere Security platform to mitigate cyber-attacks in distributed work environments. This aligns with ASEAN Digital Masterplan …

New Latrodectus malware attacks use Microsoft, Cloudflare themes

April 30, 2024 at 06:15PM The Latrodectus malware is being distributed through phishing emails using Microsoft Azure and Cloudflare lures to appear legitimate and evade security software. This Windows malware downloader, linked to the IcedID malware developers, is increasingly used for phishing campaigns, contact form spam, and initial corporate network access. Infections can lead to …

ChatGPT side-channel attack has easy fix: token obfuscation

March 17, 2024 at 10:37PM Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer …

Creating Security Through Randomness

March 8, 2024 at 11:41AM Cloudflare’s San Francisco office features a wall of 100 lava lamps, known as the Wall of Entropy, used to generate randomness for encrypting internet traffic. The lamps’ changing patterns provide physical entropy, enhanced by human movement and changing light conditions. This initiative is part of the League of Entropy, a …