CyberSecurity news
FlagThis - #cloudflare
|
@aithority.com
//
Cloudflare is significantly enhancing its platform for AI agent development, introducing new tools and features aimed at accelerating the creation and deployment of these autonomous systems. The company's Developer Week kicked off with the announcement of several advancements building upon the Agents SDK JavaScript framework released in February. These include industry-first remote Model Context Protocol (MCP) server, generally available access to durable Workflows, and a free tier for Durable Objects. These advancements are designed to drastically reduce the time it takes to build sophisticated AI agents, making the technology more accessible and affordable for developers.
Cloudflare's focus centers around the Model Context Protocol (MCP), an open standard that enables AI agents to directly interact with external services, shifting them from merely providing instructions to actively completing tasks. The newly introduced remote MCP server eliminates the previous limitation of running MCP locally, opening doors for wider adoption. Furthermore, Cloudflare is providing new Agents SDK capabilities to build remote MCP clients, with transport and authentication built-in, to allow AI agents to connect to external services. This also included integrations with Stytch, Auth0, and WorkOS to add authentication and authorization to your remote MCP server The company's new tools address key challenges in AI agent development by simplifying integrations, managing client lifecycles, and assigning granular permissions. Stytch and Cloudflare have also partnered to secure Remote MCP servers with OAuth. This partnership solves the challenge of robust authorization for AI agents, enabling Remote MCP authorization via OAuth. By addressing these challenges, Cloudflare is positioning itself as a leading platform for building and scaling agentic AI, lowering the barrier to entry for developers and unlocking new possibilities for AI-driven automation. Recommended read:
References :
Mandvi@Cyber Security News
//
Netskope Threat Labs has uncovered a new evasive campaign that uses fake CAPTCHAs and CloudFlare Turnstile to deliver the LegionLoader malware. This sophisticated attack targets individuals searching for PDF documents online, tricking them into downloading malware that installs a malicious browser extension. This extension is designed to steal sensitive user data. The campaign has been active since February 2025 and has impacted over 140 customers.
The attack begins when victims are lured to malicious websites after searching for specific PDF documents. These sites present fake CAPTCHAs. Interacting with the fake CAPTCHA redirects the victim through a Cloudflare Turnstile page to a notification prompt. If the user enables browser notifications, they are directed to download what they believe is their intended document. However, this process executes a command that downloads a malicious MSI installer. Upon execution, the MSI file installs a program named "Kilo Verfair Tools" which sideloads a malicious DLL, initiating the LegionLoader infection. The LegionLoader payload uses a custom algorithm to deobfuscate shellcode and then injects the payload into an "explorer.exe" process. This ultimately leads to the installation of a malicious browser extension, often masquerading as "Save to Google Drive". This extension steals sensitive information like clipboard data, cookies, and browsing history. The affected sectors include technology and business services, retail, and telecommunications. Recommended read:
References :
@The DefendOps Diaries
//
Cloudflare is enhancing API security by closing all HTTP ports on api.cloudflare.com, enforcing HTTPS-only connections. This significant move aims to eliminate vulnerabilities associated with cleartext HTTP traffic, where sensitive information like API tokens could be intercepted by malicious actors or network intermediaries. By mandating HTTPS-only connections, Cloudflare is setting a new standard in cybersecurity practices, protecting against potential data leaks and enhancing the overall security posture.
The decision to block unencrypted traffic to API endpoints is a strategic response to the increasing sophistication of cyber threats. Even with automatic redirection from HTTP to HTTPS, a window of vulnerability exists where sensitive data could be transmitted over unencrypted channels. Cloudflare's proactive approach rejects cleartext connections at the transport layer, safeguarding organizations relying on APIs and reducing the risk of cyber threats. This aligns with Cloudflare's efforts to support AI adoption with a security-first approach, ensuring reliable and safe use of AI technologies. Recommended read:
References :
Megan Crouse@eWEEK
//
Cloudflare has launched AI Labyrinth, a new tool designed to combat web scraping bots that steal website content for AI training. Instead of simply blocking these crawlers, AI Labyrinth lures them into a maze of AI-generated content. This approach aims to waste the bots' time and resources, providing a more effective defense than traditional blocking methods which can trigger attackers to adapt their tactics. The AI Labyrinth is available as a free, opt-in tool for all Cloudflare customers, even those on the free tier.
The system works by embedding hidden links within a protected website. When suspicious bot behavior is detected, such as ignoring robots.txt rules, the crawler is redirected to a series of AI-generated pages. This content is "real looking" and based on scientific facts, diverting the bot from the original website's content. Because no human would deliberately explore deep into a maze of AI-generated nonsense, anyone who does can be identified as a bot with high confidence. Cloudflare emphasizes that AI Labyrinth also functions as a honeypot, allowing them to identify new bot patterns and improve their overall bot detection capabilities, all while increasing the cost for unauthorized web scraping. Recommended read:
References :
@www.infosecurity-magazine.com
//
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT (Remote Access Trojan) via malicious PowerShell commands, according to recent findings. These campaigns involve tricking users into running PowerShell commands that ultimately install the Lumma Stealer. Attackers direct potential victims to attacker-controlled sites and prompt them to complete fake authentication challenges. These challenges often involve directing potential victims to malicious websites where they are prompted to complete verification steps, but instead of a CAPTCHA, it instructs them to press Windows + R and run a PowerShell command—under the false pretense of running “Windows Defender.”
These attacks leverage weaponized CAPTCHAs, with users being directed to malicious websites where they are prompted to complete verification steps. Upon completing these steps, users inadvertently copy and run PowerShell scripts that download and install malware, such as the Lumma Stealer. This allows the attackers to steal sensitive data like cryptocurrency wallets. The exploitation involves fake Cloudflare verification prompts, which lead users to execute malicious PowerShell commands to install the LummaStealer Trojan through infected WordPress sites, posing a significant threat. Recommended read:
References :
John Engates@The Cloudflare Blog
//
Cloudflare has announced an expansion of its Zero Trust platform to protect organizations against emerging quantum computing threats. The upgrade focuses on enabling post-quantum cryptography for corporate network traffic, allowing secure routing of communications from web browsers to corporate web applications. This provides immediate, end-to-end quantum-safe connectivity, addressing the increasing vulnerability of conventional cryptography to quantum computer attacks. Cloudflare has been actively developing and implementing post-quantum cryptography since 2017 and are already making post-quantum security free, by default, for all of its customers.
Organizations can tunnel their corporate network traffic through Cloudflare’s Zero Trust platform, thereby shielding sensitive data from potential quantum breaches. Over 35% of non-bot HTTPS traffic that touches Cloudflare is already post-quantum secure, with the expectation that this percentage will grow as more browsers and clients support post-quantum cryptography. The National Institute of Standards and Technology (NIST) is also encouraging this transition, setting a timeline to phase out conventional cryptographic algorithms like RSA and Elliptic Curve Cryptography (ECC) by 2030 and completely disallowing them by 2035. Cloudflare's CEO Matthew Prince states "Cloudflare has long committed to making post-quantum security the new baseline for Internet security, delivering it to all customers so we can bolster defenses against future quantum threats. Now, we’re offering that protection built directly into our Zero Trust solutions". He continues "We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.” Recommended read:
References :
gist.github.com via pushcx@Lobsters
//
A 15-year-old hacker has uncovered a significant security vulnerability related to Cloudflare's caching feature. This "zero-click deanonymization attack" can expose a user's precise location, within a 250-mile radius, without any interaction required from the user. The exploit impacts several popular platforms, including Signal and Discord, raising concerns for privacy among users. The hacker published a research paper warning about this undetectable exploit, targeted towards journalists, activists, and hackers, highlighting how attackers could send a malicious payload and reveal locations within seconds.
Multiple online cybercrime platforms including Cracked, Nulled, Sellix, and StarkRDP, have been seized by law enforcement in a large international operation. These sites, which facilitated the trading of stolen data, malware, and hacking tools, were used by over 10 million users. The operation involved authorities from multiple countries, and included arrests, property searches, and the confiscation of devices and funds. Europol reports that these platforms had generated over a million euros in illicit profits. The shutdown also targeted supporting services like financial processor Sellix and hosting service StarkRDP. Authorities indicate that these forums also offered AI-based tools to automate security vulnerability scans and enhance phishing attacks. Recommended read:
References :
@www.bleepingcomputer.com
//
References:
ciso2ciso.com
, BleepingComputer
,
Cloudflare has recently mitigated a record-breaking 5.6 Tbps DDoS attack, showcasing the increasing sophistication and scale of cyber threats. The attack, a Mirai-variant botnet attack, originated from approximately 13,000 IoT devices and targeted an East Asian Internet Service Provider. This follows a previous 3.8 Tbps DDoS attack mitigated by Cloudflare in October 2024. The new attack which lasted only 80 seconds and was successfully defended by Cloudflare's automated systems, highlights a worrying trend of escalating hyper-volumetric attacks, with attacks over 1Tbps increasing by a staggering 1,885% from the previous quarter. The company also noted a 53% increase in the frequency of all DDoS attacks throughout 2024, blocking an average of 4,870 attacks per hour.
A vulnerability in Cloudflare's CDN has also been identified that could expose users' general location. This vulnerability, discovered by a security researcher, allows a person's location to be determined by simply sending an image on platforms such as Signal and Discord. Cloudflare's CDN caches media at data centers closest to users, allowing their general location to be determined through cached responses to an image. It was found that this type of location tracking could achieve an accuracy between 50 and 300 miles, potentially creating privacy and security concerns. While Cloudflare has addressed the specific vulnerability, it has been noted that location attacks could still be performed via other methods. Recommended read:
References :
CISO2CISO Editor 2@ciso2ciso.com
//
References:
ciso2ciso.com
, Pyrzout :vm:
,
Cloudflare has successfully mitigated a massive 5.6 Tbps Distributed Denial-of-Service (DDoS) attack, a record-breaking event highlighting the increasing threat of hyper-volumetric assaults. The attack, originating from a Mirai-variant botnet, targeted an East Asian Internet Service Provider on October 29th and lasted for 80 seconds. This incident underscores the growing sophistication and scale of DDoS threats, with this particular attack leveraging over 13,000 compromised IoT devices. Cloudflare's autonomous defense systems were able to promptly mitigate the attack.
The Mirai-variant botnet, known as "Murdoc," is exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers using CVE-2024-7029 and CVE-2017-17215. The Murdoc botnet campaign uses ELF files and shell scripts for propagation, downloading and executing malicious payloads on devices. The botnet has been found on over 1300 identified IPs and uses more than 100 command-and-control servers. This has resulted in a significant global impact, with Malaysia, Thailand, Mexico, and Indonesia being the most affected. In 2024, Cloudflare blocked 21.3 million DDoS attacks, a 53% year-over-year increase, and 420 attacks in Q4 exceeded 1 Tbps. Recommended read:
References :
CISO2CISO Editor 2@ciso2ciso.com
//
Cloudflare successfully mitigated a record-breaking 5.6 Tbps Distributed Denial of Service (DDoS) attack on October 29, 2024. The attack, launched by a Mirai-variant botnet, targeted an internet service provider (ISP) in East Asia. The botnet comprised of 13,000 compromised IoT devices flooding the target with malicious data, which aimed to cripple the ISP’s operations.
The attack lasted only 80 seconds, but Cloudflare's autonomous defence systems promptly identified and mitigated the anomalous traffic without human intervention, intercepting and neutralizing the malicious data at Cloudflare's edge nodes. Each IP address within the botnet generated an average traffic of approximately 4 Gbps. The successful defense highlights the escalating sophistication and scale of DDoS threats, with hyper-volumetric attacks exceeding 1 Tbps dramatically increasing. This incident underscores the importance of robust DDoS mitigation strategies and the need for continuous evolution in network security. Recommended read:
References :
|