MORE POSTS
April 24, 2018 10:31 PM
BGP leaks and cryptocurrencies
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
April 20, 2018 4:14 PM
Keeping Drupal sites safe with Cloudflare's WAF
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....
March 29, 2018 4:10 AM
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....
February 27, 2018 2:38 PM
Memcrashed - Major amplification attacks from UDP port 11211
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet. ...
January 19, 2018 5:38 PM
Web Cache Deception Attack revisited
In April, we wrote about Web Cache Deception attacks, and how our customers can avoid them using origin configuration. Since our previous blog post, we have looked for but have not seen any large scale attacks like this in the wild....
January 18, 2018 12:06 PM
However improbable: The story of a processor bug
Processor problems have been in the news lately, due to the Meltdown and Spectre vulnerabilities. But generally, engineers writing software assume that computer hardware operates in a reliable, well-understood fashion, and that any problems lie on the software side of the softwar...
January 08, 2018 6:57 PM
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience
Last week the news of two significant computer bugs was announced. They've been dubbed Meltdown and Spectre and they take advantage of very technical systems that modern CPUs have implemented to make computers extremely fast. ...
December 22, 2017 2:17 PM
Technical reading from the Cloudflare blog for the holidays
During 2017 Cloudflare published 172 blog posts (including this one). If you need a distraction from the holiday festivities at this time of year here are some highlights from the year....
December 14, 2017 7:41 PM
Inside the infamous Mirai IoT Botnet: A Retrospective Analysis
This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices....
November 13, 2017 4:09 PM
Thwarting the Tactics of the Equifax Attackers
We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people's awareness on security?...
August 28, 2017 2:00 PM
The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
February 01, 2017 4:53 PM
Protecting everyone from WordPress Content Injection
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress....
July 18, 2016 3:26 PM
CloudFlare sites protected from httpoxy
We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy....
June 21, 2016 6:03 AM
A Post Mortem on this Morning's Incident
We would like to share more details with our customers and readers on the internet outages that occurred this morning and earlier in the week, and what we are doing to prevent these from happening again....