Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.


More

What is a passkey? Why Apple is betting on password-free tech

The digital realm has long struggled with the vulnerabilities inherent in password-based authentication systems. With…

Read More →

The Register: AWS is pushing ahead with MFA for privileged accounts. What that means for you.

AWS is making multi-factor authentication (MFA) mandatory for privileged users, specifically management account root users…

Read More →

IT Brew: FIDO Alliance announces identity-proofing certification

FIDO’s Face Verification Certification tests for security, liveness, and bias in remote identity verification technology…

Read More →


123248 Next