Say hello to OpenSK: a fully open-source security key implementation

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google  Today, FIDO security keys are reshaping the way online accounts are protected by providing an easy, phishing-resistant form of two-factor authentication (2FA) that is trusted by a growing number of websites, including Google, social networks,…

Sprint Exposed Customer Support Site to Web

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal…

Announcing Built with Workers

Ever since its initial release, Cloudflare Workers has given JavaScript developers a platform to enable building high-performance applications with automatic scaling.As with any new technology, we know it can be a bit intimidating to get started. For one thing, running code on the edge is a paradigm shift—forcing us to…

CacheOut – Another day, another CPU attack!

A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs. The attack, dubbed CacheOut (CVE-2020-0549), is a “speculative execution attack that is capable of leaking data…

High Severity CSRF to RCE Vulnerability Patched in Code Snippets Plugin

Description: Cross-Site Request Forgery to Remote Code Execution Affected Plugin: Code Snippets Affected Versions: <= 2.13.3 CVE ID: CVE-2020-8417 CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Patched Version: 2.14.0 On January 23rd, our Threat Intelligence team discovered a vulnerability in Code Snippets, a WordPress plugin installed on over 200,000 sites.…

VirusTotal MultiSandbox += BitDam ATP

VirusTotal would like to welcome BitDam to the multi-sandbox project! In their own words:BitDam Advanced Threat Protection (ATP) is a cloud-based engine that proactively detects threats, pre-delivery, preventing hardware and logical exploits, ransomware, spear-phishing and zero-day attacks contained in files and URLs. BitDam’s patented attack-agnostic technology shows remarkably higher protection…

Empowering Your Privacy

Happy Data Privacy Day! At Cloudflare, our mission is to help build a better Internet, and we believe data privacy is core to that mission. But we know words are cheap — even data brokers who sell your personal information will tell you that “privacy is important” to them. So…
1 2 3 5