Protecting data on Apple devices with Cloudflare and Jamf

Today we’re excited to announce Cloudflare’s partnership with Jamf to extend Cloudflare’s Zero Trust Solutions to Jamf customers. This unique offering will enable Jamf customers to easily implement network Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and SaaS Tenancy Controls from Cloudflare to prevent sensitive data loss from their Apple devices. Jamf is a […]

Massive Google Colaboratory Abuse: Gambling and Subscription Scam

This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file: <?php $lines = file('https://4ip[.]su/db/links.txt'); shuffle($lines); $data = array_rand($lines, 900); echo ' '; foreach($data as $value) { $rand = substr(md5(microtime()),rand(0,26),6); echo ''.$rand.' '; […]

DDoS threat report for 2023 Q2

Welcome to the second DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aims to disrupt websites (and other types of Internet properties) to make them unavailable for legitimate users by overwhelming them with more traffic than they can handle — similar to a driver stuck […]

Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue. Investigating obfuscated JavaScript: Our investigation revealed the following piece of obfuscated JavaScript […]

DLP Exact Data Match beta now available

The most famous data breaches–the ones that keep security practitioners up at night–involved the leak of millions of user records. Companies have lost names, addresses, email addresses, Social Security numbers, passwords, and a wealth of other sensitive information. Protecting this data is the highest priority of most security teams, yet many teams still struggle to […]

How to Harden WordPress: A Basic Overview

Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you take a few of these steps to harden WordPress and protect your environment against bad bots, brute force, and other automated attacks. For example, the WordPress login page is – […]