Phishing Empire Runs Undetected on Google, Cloudflare
What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
Stay secure online with the latest Cloudflare updates and insights in information security, protecting websites and networks from threats.
Search across headline titles and summaries.
Background for this topic.
Cloudflare operates a global content delivery and security network that sits between internet users and websites or services. It provides distributed denial-of-service (DDoS) mitigation, web application firewall (WAF) capabilities, and secure DNS resolution, helping to filter malicious traffic and improve site availability. By proxying traffic through its edge servers, Cloudflare can inspect, block, or rate-limit requests based on threat intelligence and configured security policies.
From an information security perspective, Cloudflare’s platform introduces critical considerations around trust and attack surface. Organizations relying on it must monitor for vulnerabilities in its software stack and configuration errors that could expose sensitive data or allow bypass of protections. Additionally, Cloudflare’s role as a traffic intermediary means that any compromise or misconfiguration could impact confidentiality and integrity of data in transit, making careful management of encryption and access controls essential.
What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.
Full Breach Scope Remains Unclear; Hundreds of Organizations Reportedly AffectedThe scope of the Salesloft Drift data breach continues to expand, now counting Cloudflare, Zscaler, Palo Alto Networks as victims and what investigators say are many hundreds more organizations that connected their Salesforce, Google Workspace or other tools to Salesloft's AI chatbot.
Cloudflare has notified customers that hackers may have accessed their data as part of the Salesloft Drift campaign
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps)
Show of hands: who WASN'T targeted? The list of victims keeps growing, as yet another company — Cloudflare — today disclosed that some of its customers' data was also compromised in the Salesloft Drift breach.…
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. [...]
Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). [...]