Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.


More

TechRadar: Great news everyone! Google is going to let you transfer your passkeys to a new phone

Google’s password manager may soon allow you to transfer your passkeys to a new phone,…

Read More →

International Security Journal: Passkeys set to become leading authentication method by 2027, HYPR reports

HYPR, an Identity Assurance Company, has released the fifth edition of its ‘State of Passwordless…

Read More →

Security Info Watch: iProov launches facial biometric MFA support targeting workforce identity theft

This device-independent, FIDO Alliance-certified biometric authentication solution helps organizations mitigate the risk of one of…

Read More →