Attacks

October 24, 2019 5:27 PM

Three vulnerabilities were disclosed as Cache Poisoning Denial of Service attacks in a paper written by Hoai Viet Nguyen, Luigi Lo Iacono, and Hannes Federrath of TH Köln - University of Applied Sciences. These attacks are similar to the cache poisoning attacks presented last yea...

By 
• Rustam Lalkaka

October 24, 2019 1:00 PM

It was a scorching Monday on July 22 as temperatures soared above 37°C (99°F) in Austin, TX, the live music capital of the world. Only hours earlier, the last crowds dispersed from the historic East 6th Street entertainment district. ...

By 
• Omer Yoachimik

June 13, 2019 1:00 PM

Yesterday, we celebrated the fifth anniversary of Project Galileo. More than 550 websites are part of this program, and they have something in common: each and every one of them has been subject to attacks in the last month....

By 
• Maxime Guerreiro

March 20, 2019 1:00 PM

HTTP requests originate with a client and end at a web server that processes the request and returns a response. Such requests pass through multiple proxies before arriving at the requested resource. ...

By 
• Alex Davidson

February 20, 2019 3:14 PM

Bot-powered credential stuffing is a scourge on the modern Internet. These attacks attempt to log into and take over a user’s account by assaulting password forms with a barrage of dictionary words and previously stolen account credentials....

By 
• Nikon Rasumov

November 28, 2018 7:59 PM

Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop....

By 
• Arthur Fabre

November 12, 2018 11:27 AM

It's been a while since we last wrote about Layer 3/4 DDoS attacks on this blog. This is a good news - we've been quietly handling the daily onslaught of DDoS attacks. Since our last write-up, a handful of interesting L3/4 attacks have happened. Let's review them....

By 
• Marek Majkowski

September 08, 2018 3:00 PM

Some conversations are easy; some are difficult. Some are harmonious and some are laborious. But when it comes to website security, the conversation is confusing. Every organisation agrees, in theory, that their websites need to be secure....

By 
• Naveen Singh

September 05, 2018 2:58 PM

On August 22 a new vulnerability in the Apache Struts framework was announced. We quickly deployed a mitigation to protect customers....

By 
• Richard Sommerville

July 06, 2018 1:00 PM

Internally our DDoS mitigation team is sometimes called "the packet droppers". When other teams build exciting products to do smart things with the traffic that passed through our network, we take joy in discovering novel ways of discarding it....

By 
• Marek Majkowski

May 21, 2018 8:41 PM

With more platforms adopting DDoS safeguards like integrating mitigation services and enhancing bandwidth at vulnerable points, Layer 3 and 4 attacks are becoming far less effective than before....

By 
• Alex Cruz Farmer

March 29, 2018 4:10 AM

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....

By 
• Pasha Kravtsov

March 06, 2018 3:46 PM

A week ago we published a story about new amplification attacks using memcached protocol on UDP port 11211. A few things happened since then: Github announced it was a target of 1.3Tbps memcached attack. OVH and Arbor reported similar large attacks with the peak reported at 1.7Tb...

By 
• Marek Majkowski

February 27, 2018 2:38 PM

Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet. ...

By 
• Marek Majkowski