Cloudflare wants to put a firewall in front of your LLM

March 4, 2024 at 08:41PM Cloudflare introduces “Firewall for AI,” offering Advanced Rate Limiting to prevent DDoS attacks and Sensitive Data Detection to protect against data leaks. The feature also allows customization of information disclosure, with plans to include prompt validation and offensive topic blocking. It applies to both public and private language models proxied …

Massive AT&T outage impacts US mobile subscribers

February 22, 2024 at 12:45PM Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T are experiencing a nationwide outage, impacting both outgoing and incoming calls, including to 911 services. Data loss and service interruptions were reported across various states, prompting companies to advise the use of WiFi calling. The cause of the outages …

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

February 13, 2024 at 06:39AM The Midnight Blizzard and Cloudflare-Atlassian cyber incidents highlight the vulnerabilities in major SaaS platforms and the complex security challenges they face. Russian hackers breached Microsoft by leveraging legacy accounts and OAuth tokens. Cloudflare’s Atlassian systems were compromised due to unchanged Okta credentials. Such breaches emphasize the need for continuous monitoring …

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

February 4, 2024 at 12:19PM Cloudflare disclosed a likely nation-state cyber attack involving unauthorized access to its Atlassian server, leading to exposure of documentation and source code. The breach led to rotating production credentials, system triages, and termination of malicious connections. The attacker exploited stolen credentials from other hacks, prompting increased security measures and engaging …

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

February 1, 2024 at 08:20PM Cloudflare revealed that suspected government spies infiltrated their system by using credentials stolen from the October 2023 Okta security breach. The intruders gained access to Atlassian and other systems, potentially extracting source code and sensitive information. Cloudflare, assisted by a security firm, is working to bolster their security measures following …

Cloudflare hacked using auth tokens stolen in Okta attack

February 1, 2024 at 03:59PM Cloudflare revealed today that its internal Atlassian server was infiltrated by a ‘nation state’ attacker, who gained access to its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The company detected the breach on November 23, severed access on November 24, and assured that customer data …

Open-source Blender project battling DDoS attacks since Saturday

November 22, 2023 at 11:14AM Blender, the 3D design suite, has confirmed that recent site outages were caused by ongoing DDoS attacks. The attacks started on Saturday and have severely disrupted operations. Attempts to block the attackers have been unsuccessful, with over 240 million bogus requests directed at Blender’s servers. The main website has been …

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

October 26, 2023 at 10:06AM Cloudflare has reported mitigating thousands of distributed denial-of-service (DDoS) attacks that exploited the recently disclosed HTTP/2 Rapid Reset flaw. Among these attacks, 89 exceeded 100 million requests per second. The total number of HTTP DDoS attack requests in Q3 2023 reached 8.9 trillion, representing a significant increase compared to previous …

It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems

October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information …

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

October 10, 2023 at 03:35PM A new zero-day attack named “HTTP/2 Rapid Reset” has exploited a security vulnerability, resulting in a record-breaking distributed denial-of-service (DDoS) flood. The attack targeted cloud and Internet infrastructure providers and lasted for minutes. The attack utilized a bug in the HTTP/2 protocol, affecting about 60% of web applications. While mitigation …