Daniel Stinson-Diess

The mechanics of a sophisticated phishing scam and how we stopped it

2022-08-09

Security Post Mortem Phishing Cloudflare Gateway Cloudflare Access

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees...

Cloudflare observations of Confluence zero day (CVE-2022-26134)

2022-06-05

Vulnerabilities WAF Zero Day Threats

UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products....

Cloudflare customers are protected from the Atlassian Confluence CVE-2022-26134

2022-06-03

Vulnerabilities CVE

On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability....

Cloudflare’s investigation of the January 2022 Okta compromise

2022-03-22

Okta Security Post Mortem

Today at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result...