Risk Management – Great Start Guide (101)
Risk Management Risk management in IT involves the identification, organization, and management of risks in an organization. It is normally done in a way that balances the costs associated with using security solutions to protect the organization and the benefits that they bring. In simpler terms, risk management allows the…
Cloudflare Pages is Lightning Fast
When we announced Cloudflare Pages in April, our goal wasn’t to bring just any web development tool to the table. As a front-end developer, it’s your responsibility to bring the ideas of your marketing, product and engineering teams to life by crafting a beautifully engaging experience for every customer. With…
Profiling Your Workers with Wrangler
In the year since Cloudflare’s launch of Workers Unbound, developers have unlocked the ability to run computationally intensive workloads on the Cloudflare edge network — like image processing, game logic, and other complex algorithms. With all that additional computing power comes a host of questions around performance. Our customers often…
Weekly Update 261
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly…
Friday Squid Blogging: Ram’s Horn Squid Shells
You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Benchmarking Edge Network Performance: Akamai, Cloudflare, AWS CloudFront, Fastly, and Google
During Speed Week we’ve talked a lot about services that make the web faster. Argo 2.0 for better routing around bad Internet weather, Orpheus to ensure that origins are reachable from anywhere, image optimization to send just the right bits to the client, Tiered Cache to maximize cache hit rates…
Announcing Project Turpentine: an easy way to get off Varnish
When Varnish and the Varnish Configuration Language (VCL) were first introduced 15 years ago, they were an incredibly powerful combination to configure caching on servers (and your networks). It seemed a logical choice for a language to configure CDNs — caching in the cloud.A lot has changed on the Internet…
Free decryptor for past REvil ransomware victims released
The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of the REvil ransomware (also sometimes known as Sodinokibi).
Zero-Click iMessage Exploit
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where…
It’s Time for Vendor Security 2.0
In a previous post I talked about how security questionnaires are security theater. They were then in 2018, and they still are, but pointing that out still left a crucial question: Fine, but we have to do something. So what’s the alternative? It’s a fair point, and I think I…
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover,"…
Fake Walmart press release causes cryptocurrency price surge
The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America. The only problem was... it simply wasn't true. Read more in my article on the Hot for Security blog.
Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks…
5 Essential Tips And Tricks For New Rust Player
This post will show you 5 essential tips and tricks for new Rust player. Rust is a survival game. As such, you need all the help available to protect yourself from enemies. Apart from the bears and wolves to avoid, you will also stay away from other human players who’re…