The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for CloudFlare

Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare

Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare

February 24, 2017Swati Khandelwal
A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that could have exposed a range of sensitive information, including passwords, and cookies and tokens used to authenticate users. Dubbed Cloudbleed , the nasty flaw is named after the Heartbleed bug that was discovered in 2014, but believed to be worse than Heartbleed. The vulnerability is so severe that it not only affects websites on the CloudFlare network but affects mobile apps as well. What exactly is "Cloudbleed," how it works, how are you affected by this bug, and how you can protect yourself? Let's figure it out. What is Cloudbleed? Discovered by Google Project Ze
Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension

Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension

September 11, 2019Swati Khandelwal
Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network , as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. Firefox Private Network service is currently in beta and available only to desktop users in the United States as part of Mozilla's recently expunged "Firefox Test Pilot" program that lets users try out new experimental features before they were officially released. The Firefox Test Pilot program was first launched by the company three years ago but was shut down in January this year. The company now decided to bring the program back but with some changes. "The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release," said Marissa Wood, vice president of product at Mozilla. Firefox
UGNazi hackers attack on CloudFlare via a flaw in Google

UGNazi hackers attack on CloudFlare via a flaw in Google

June 04, 2012Mohit Kumar
UGNazi hackers attack on CloudFlare via a flaw in Google After the FBI arrested Cosmo, the alleged leader of the UGNazi hacking group, the hackers attacked CloudFlare via a flaw in Google's two-factor authentication system. The CloudFlare hack allowed UGNazi to change the DNS for 4chan, so visitors to the site were redirected to a UGNazis Twitter account. Hackers were able to infiltrate the personal Gmail account of CloudFlare CEO Matthew Prince. "The attack was the result a compromise of Google's account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps," CloudFare's CEO Matthew Prince shared . According to the statement on Pastebin , the hackers are not sorry for attacking 4chan.  4chan.org is the playground that allows pedophiles to share their "collections" and the disgusting bronies to hang out. The site is loosely monitored and child porn threads are allowed to &quo
Nearly 2000 WordPress Websites Infected with a Keylogger

Nearly 2000 WordPress Websites Infected with a Keylogger

January 29, 2018Swati Khandelwal
More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network
Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

April 27, 2022Ravie Lakshmanan
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."  "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats  said . "Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it." The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad.  Volumetric DDoS attacks are designed to overwhelm a target network/service with significantly high volumes of malicious traffic, which typically originate from a botnet under a threat actor's control. Cloudflare said the latest attack w
Alert : Phishing scam targeting CloudFlare Customers

Alert : Phishing scam targeting CloudFlare Customers

November 12, 2012Mohit Kumar
From Yesterday CloudFlare Security team receiving various reports of a Phishing Scam, which is targeting customers by saying that " you have exceeded bandwidth ". In a blog post , CloudFlare said, " Some CloudFlare customers are currently being targeted with a phishing email that was not sent by CloudFlare. Please do not click on the links in the email. " Scammer asking users to visit a phishing link (removed from sample for readers security). In case you open the URL, we request you to do not enter your username and password in the URL. Please choose a strong password for CloudFlare to save your Domains.
The Pirate Bay relaunch is FBI's Honeypot? Pirate Bay Team Responds,'NO WAY'

The Pirate Bay relaunch is FBI's Honeypot? Pirate Bay Team Responds,'NO WAY'

February 04, 2015Mohit Kumar
After almost two months of untimely and unexpected outage, The Pirate Bay (TPB) finally came back this weekend. But the re-launch of the infamous torrent-indexing website raised a question among those suspicious about this new setup — Is it really The Pirate Bay? A few days back we reported that The Pirate Bay – a widely popular file-sharing website predominantly used to share copyrighted material free of charge – had made its return to the Internet once again after suffering two months of outage following a police raid in Sweden late last year. Many users, including I, thought the site left dead as last took down was the longest outage the torrenting site has ever experienced. But history repeats and The Pirate Bay made its way a day before it claimed. Pirate lovers around the world rejoiced while others noticed something very suspicious. IS THE FBI RUNNING THE PIRATE BAY ? The truth behind The Pirate Bay , like who was driving the re-emergence of the site or who w
Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

August 20, 2021Ravie Lakshmanan
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company  noted , at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks. Volumetric DDoS attacks are designed to target a specific network with an intention to overwhelm its bandwidth capacity and often utilize  reflective amplification techniques  to scale their attack and cause as much operational disruption as possible. They also typically originate from a network of malware-infected systems — consisting of computers, servers, and IoT devices — enabling threat actors
How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

April 02, 2018Mohit Kumar
Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1 —world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable web addresses with their actual location on the internet, called IP addresses. For example, when you try to open a website, say thehackernews.com, your DNS looks up for the IP address linked to this domain name and load the site. Since the default DNS services provided by ISPs are often slow and insecure, most people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8), to speed up their Internet. But if you use Cloudflare new 1.1.1.1 DNS service , your computer/smartphone/tablet will start resolving domain names within a bla
Largest Ever 400Gbps DDoS attack hits Europe uses NTP Amplification

Largest Ever 400Gbps DDoS attack hits Europe uses NTP Amplification

February 12, 2014Swati Khandelwal
The Distributed Denial of Service (DDoS) attack is the one of favourite weapon for the hackers to temporarily suspend services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost Distributed Denial of Service attack sizes, which is known as ' Amplification Attack ', that provide the benefits of obscuring the source of the attack, while enabling the bandwidth to be used to multiply the size of the attack. Just yesterday, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare , reaching more than 400Gbps at its peak of traffic, striking at the company's data servers in Europe. " Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating ," CloudFlare CEO Matthew Price said in a tweet. " Someone's got a big, new can
Memcached Servers Abused for Massive Amplification DDoS Attacks

Memcached Servers Abused for Massive Amplification DDoS Attacks

February 27, 2018Swati Khandelwal
Cybercriminals have figured out a way to abuse widely-used Memcached servers to launch over 51,000 times powerful DDoS attacks than their original strength, which could result in knocking down of major websites and Internet infrastructure. In recent days, security researchers at Cloudflare , Arbor Networks , and Chinese security firm Qihoo 360 noticed that hackers are now abusing "Memcached" to amplify their DDoS attacks by an unprecedented factor of 51,200. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory and has been designed to work with a large number of open connections. Memcached server runs over TCP or UDP port 11211. The Memcached application has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. It's widely used by thousands of websites, including Facebook, Flickr,
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

June 14, 2022Ravie Lakshmanan
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak. The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes. The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things
Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

October 24, 2017Mohit Kumar
When yesterday I was reporting about the sudden outbreak of another global ransomware attack ' Bad Rabbit ,' I thought what could be worse than this? Then late last night I got my answer with a notification that Coinhive has been hacked — a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation. Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version. https://coin-hive[.]com/lib/coinhive.min.js Hacker Reused Leaked Password from 2014 Data Breach Apparently, hacker reused an old password to access Coinhive's CloudFlare account that was leaked in the Kickstarter data breach in 2014. "Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provi
CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

July 17, 2021Ravie Lakshmanan
Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's  used by 12.7% of all websites  on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about  4,041 JavaScript and CSS libraries , making it the  second most popular  CDN for JavaScript after Google Hosted Libraries. The weakness concerned an issue in the CDNJS library update server that could potentially allow an attacker to execute arbitrary commands, leading to a complete compromise. The vulnerability was discovered and reported by security researcher RyotaK on April 6, 2021. There is no evidence of in-the-wild attacks abusing this flaw. Specifically, the vulnerability works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using it to trigger a  path traversal vulnerability , and ultimately trick the server into executing arbitrary code, thus achieving remote code execution. It's wor
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

February 25, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,
World's biggest DDoS attack that Almost Broke the Internet

World's biggest DDoS attack that Almost Broke the Internet

March 29, 2013Mohit Kumar
The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation , CloudFlare was able to recover from the attack and get its core services back up and running.  Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18. Five national cyber-police-forces are investigating the attacks.  A group calling itself STOPhaus,  an alliance of hactivists and cyber criminals is believed to responsible for bombarding Spamhaus with up to 300Gbps. The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet, the D
Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

November 17, 2021Ravie Lakshmanan
A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which was observed in September 2021, deployed Cobalt Strike payloads as a stepping stone for launching further attacks, with the adversary using a domain associated with the Myanmar Digital News network, a state-owned digital newspaper, as a front for their Beacons. "When the Beacon is launched, it will submit a DNS request for a legitimate high-reputation domain hosted behind Cloudflare infrastructure and modify the subsequent HTTPs requests header to instruct the CDN to direct the traffic to an attacker-controlled host," Cisco Talos researchers Chetan Raghuprasad, Vanja Svajcer, and Asheer Malhotra  said  in a technical analysis published Tuesday. Originally released in 2012 to addres
Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

March 10, 2022Ravie Lakshmanan
Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge  browser extension , the  open-source add-on  is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook  said  in a statement. The goal with Code Verify is to confirm the integrity of the web application and ensure that it hasn't been tampered with to inject malicious code. The social media company is also planning to release Firefox and Safari plugins to achieve the same level of security across browsers. The system works with Cloudflare acting as a third-party audit to compare the cryptographic hash of WhatsApp Web's JavaScript code that's shared by Meta with that of a locally computed hash of the code running on the browser client. Code Verify is also meant t
Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

October 05, 2013Mohit Kumar
WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as ' localhost ' on October 3rd, 2013 and also reported by several users on various Hosting related Forums . He also released a  proof-of-concept exploit code  for this SQL injection vulnerability in WHMCS. WHMCS says , as the updates have " critical security impacts .", enables attackers to execute SQL injection attacks against WHMCS deployments in order to extract or modify sensitive information from their databases i.e. Including information about existing accounts, their hashed passwords, which can result in the compromise of the administrator account. Yesterday a group of Palestinian hackers , named as KDMS Team  possibly used the same vulnerability against one of the largest Host
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

November 06, 2019Mohit Kumar
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called " Delegated Credentials for TLS ." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. In short, the new TLS protocol extension aims to effectively prevent the misuse of stolen certificates by reducing their maximum validity period to a very short span of time, such as a few days or even hours. Before jumping into how Delegated Credentials for TLS works, you need to understand the current TLS infrastructure, and of course, about the core problem in it because of which we need Delegated Credentials for TLS. The Current TLS Infrastructure More than 70% of all websites on the Internet today use TLS certificates to establish a secure line of HTTPS communication between their servers and visitors,
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.