Home / Companies / Cloudflare / Blog / July 2023

July 2023 Summaries

16 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
The article discusses the development of a new BGP Hijack Detection system by Cloudflare Radar, which is now available on both their website and API portal for public use. The detection system identifies potential hijacks in real-time using various evidence tags to determine likelihoods and assign confidence scores. This tool helps network administrators monitor and respond appropriately to BGP attacks more efficiently. Users can access the detected events through Cloudflare Radar, with features such as event tables, search capabilities, and customizable alerters for webhooks or emails. The system is implemented in Rust and runs on a single binary application connected to a PostgreSQL database, making it lightweight and portable. In the future, Cloudflare plans to introduce additional routing security data to improve the detection system's capabilities further.
Jul 28, 2023 3,003 words in the original blog post.
The Cloudflare Radar May 2023 report highlights various incidents that affected Internet connectivity around the world, including government-directed shutdowns in several countries due to civil unrest and political protests, maintenance activities on submarine cables resulting in disruptions across multiple nations, and cyberattacks causing outages at specific network operators. The report also mentions natural disasters disrupting Internet connectivity during the month of May 2023.
Jul 27, 2023 3,963 words in the original blog post.
Cloudflare has introduced a new section on its Radar platform, focusing on monitoring Border Gateway Protocol (BGP) messages to provide insights into IP prefixes, individual networks, countries, and the overall Internet. The Routing page allows users to examine routing status, identify anomalies, validate IP block reachability, and more from globally distributed vantage points. It also includes a detailed view of how the Internet holds together. The platform collects routing statistics, identifies routing anomalies, examines routing assets and connectivity, and provides API access to the data.
Jul 27, 2023 1,365 words in the original blog post.
A new vulnerability called 'Zenbleed' has been discovered in AMD's Zen 2 processors, affecting their entire product stack including EPYC data center processors and Ryzen 3000 CPUs. The flaw allows sensitive information stored within the CPU to be stolen remotely through JavaScript on a website without requiring physical access. Cloudflare is patching its fleet of potentially impacted servers with AMD's microcode as a mitigation measure while monitoring for any attempts at exploitation. Zenbleed takes advantage of speculative execution capabilities, targeting Advanced Vector Extensions (AVX) registers, which are susceptible to storing private information like cryptographic keys and passwords. The vulnerability is classified with a CVSS score of 6.5 (Medium). AMD's mitigation involves turning off a floating point optimization through the MSR register via microcode update.
Jul 25, 2023 906 words in the original blog post.
Cloudflare Radar has introduced new features, including "Trending Today" and "Trending This Week," which highlight popular domains and trending domains on the Internet based on how people use it. Trending Today lists are available daily for 80 countries and show top trending domains in each country. The list is calculated by comparing a domain's current rank to its best rank from the previous four days, with more recent days being given more weight. On June 24, RT.com was listed as one of the trending domains in multiple locations due to events related to the Wagner group. Trending This Week lists show top-trending domains that have grown steadily over a week. In multiple countries during the week of June 17-23, travel sites and weather forecast site Windy.com were among the trending domains. These new features are now available on Cloudflare Radar's website and API.
Jul 24, 2023 1,513 words in the original blog post.
Cloudflare has partnered with Jamf to extend its Zero Trust Solutions to Jamf customers, enabling them to implement network Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and SaaS Tenancy Controls from Cloudflare. This partnership aims to prevent sensitive data loss from Apple devices managed by Jamf. The integration allows for seamless deployment of these security measures on Apple devices, ensuring a fast, highly-available end user experience. Through this collaboration, Jamf customers can now dynamically steer select traffic to Cloudflare's network using Magic WAN, unlocking rich DLP capabilities, Remote Browser Isolation, and SaaS Tenancy Controls in a cloud-first, cloud-native architecture that works great on Apple devices.
Jul 20, 2023 1,585 words in the original blog post.
Cloudflare has announced changes to its free plan for Zaraz, a no-code serverless platform that allows users to connect and manage third-party services without writing any code. Starting from September 20, 2023, the Free Plan will be limited to 100,000 Zaraz Loads per month per account. After reaching this limit, the service will stop functioning until the next billing cycle starts. The Workers Paid plan includes the first 200,000 Zaraz Loads per month and costs $5/month for additional usage. Cloudflare's Workers Enterprise Plan offers volume discounts based on usage volume and provides access to all paid enterprise features. Existing free beta users have until September 20 to adjust their plans accordingly or risk losing access to the service if they exceed the new limits. The company is committed to helping users through this transition by providing clear next steps, advice, and support in the upcoming days via email, Discord, and community forums.
Jul 19, 2023 1,376 words in the original blog post.
Cloudflare released its Q1 2023 DDoS Threat Report, which provides insights on the evolving threat landscape and trends in Distributed Denial-of-Service (DDoS) attacks during the first quarter of this year. Key findings include a surge in network-layer attack size and duration, with an increase in volumetric attacks that exceeded 100 Gbps or lasted more than three hours. Application-layer attacks accounted for nearly half of all DDoS attempts, targeting financial services (27%) and gaming industries the most. Ransom-driven DDoS (RDDoS) threats decreased slightly, with only one in ten respondents reporting being threatened or subject to such attacks during Q1 2023. The report highlights the importance of having multi-layered defenses against ever-evolving and increasingly complex DDoS attack methods. Reference(s): https://blog.cloudflare.com/ddos-attacks-q1-2023/```
Jul 18, 2023 4,183 words in the original blog post.
En el segundo trimestre de 2022, los ataques DDoS HTTP alcanzaron un volumen récord en la red global de Cloudflare. La mayoría de estos ataques se originaron en EE. UU., China y Alemania. Los sectores más afectados por estos ataques incluyen las criptomonedas, los videojuegos y las apuestas, el marketing y la publicidad, y las telecomunicaciones. En cuanto al volumen total de tráfico, EE. UU. fue el principal origen de ataques DDoS HTTP. Tres de cada mil solicitudes que observamos formaban parte de ataques DDoS HTTP originados en EE. UU. China ocupó el segundo lugar y Alemania el tercero. En términos de volumen total de tráfico, EE. UU. fue el principal origen de ataques DDoS HTTP. Tres de cada mil solicitudes que observamos formaban parte de ataques DDoS HTTP originados en EE. UU. China ocupó el segundo lugar y Alemania el tercero. Algunos países reciben de por sí más tráfico debido a diversos factores, como el tamaño del mercado, y por tanto más ataques. Por tanto, aunque es interesante comprender la cantidad total de ataques de tráfico originados en un país determinado, también es útil eliminar ese sesgo normalizando el ataque de tráfico por todo el tráfico dirigido a un país determinado. Al hacerlo, observamos un patrón diferente. EE. UU. ni siquiera figura entre los diez primeros puestos. En su lugar, Mozambique, Egipto y Finlandia toman la delantera como los países donde se originó el mayor volumen de ataques de tráfico DDoS HTTP en relación con todo su tráfico. Casi una quinta parte de todo el tráfico HTTP procedente de direcciones IP de Mozambique formaba parte de ataques DDoS. Cuando descendemos por las capas del modelo OSI, observamos que las redes finlandesas que usan las soluciones de protección de Cloudflare fueron el objetivo principal de los ataques. Este aumento estuvo probablemente relacionado con las conversaciones diplomáticas que precipitaron la integración formal de Finlandia en la OTAN. Los ciberataques representaron aproximadamente el 83 % de todo el tráfico entrante a Finlandia, seguido de cerca por China, con un 68 % de ataques de tráfico. En cuanto al volumen total de tráfico, EE. UU. fue el principal origen de ataques DDoS HTTP. Tres de cada mil solicitudes que observamos formaban parte de ataques DDoS HTTP originados en EE. UU. China ocupó el segundo lugar y Alemania el tercero. Algunos países reciben de por sí más tráfico debido a diversos factores, como el tamaño del mercado, y por tanto más ataques. Por tanto, aunque es interesante comprender la cantidad total de ataques de tráfico originados en un país determinado, también es útil eliminar ese sesgo normalizando el ataque de tráfico por todo el tráfico dirigido a un país determinado. Al hacerlo, observamos un patrón diferente. EE. UU. ni siquiera figura entre los diez primeros puestos. En su lugar, Mozambique, Egipto y Finlandia toman la delantera como los países donde se originó el mayor volumen de ataques de tráfico DDoS HTTP en relación con todo su tráfico. Casi una quinta parte de todo el tráfico HTTP procedente de direcciones IP de Mozambique formaba parte de ataques DDoS. Cuando descendemos por las capas del modelo OSI, observamos que las redes finlandesas que usan las soluciones de protección de Cloudflare fueron el objetivo principal de los ataques. Este aumento estuvo probablemente relacionado con las conversaciones diplomáticas que precipitaron la integración formal de Finlandia en la OTAN. Los ciberataques representaron aproximadamente el 83 % de todo el tráfico entrante a Finlandia, seguido de cerca por China, con un 68 % de ataques de tráfico. En cuanto al volumen total de tráfico, EE. UU. fue el principal origen de ataques DDoS HTTP. Tres de cada mil solicitudes que observamos formaban parte de ataques DDoS HTTP originados en EE. UU. China ocupó el segundo lugar y Alemania el tercero. Algunos países reciben de por sí más tráfico debido a diversos factores, como el tamaño del mercado, y por tanto más ataques. Por tanto, aunque es interesante comprender la cantidad total de ataques de tráfico originados en un país determinado, también es útil eliminar ese sesgo normalizando el ataque de tráfico por todo el tráfico dirigido a un país determinado. Al hacerlo, observamos un patrón diferente. EE. UU. ni siquiera figura entre los diez primeros puestos. En su lugar, Mozambique, Egipto y Finlandia toman la delantera como los países donde se originó el mayor volumen de ataques de tráfico DDoS HTTP en relación con todo su tráfico. Casi una quinta parte de todo el tráfico HTTP procedente de direcciones IP de Mozambique formaba parte de ataques DDoS. Cuando descendemos por las capas del modelo OSI, observamos que las redes finlandesas que usan las soluciones de protección de Cloudflare fueron el objetivo principal de los ataques. Este aumento estuvo probablemente relacionado con las conversaciones diplomáticas que precipitaron la integración formal de Finlandia en la OTAN. Los ciberataques representaron aproximadamente el 83 % de todo el tráfico entrante a Finlandia, seguido de cerca por China, con un 68 % de ataques de tráfico.
Jul 18, 2023 5,579 words in the original blog post.
Cloudflare has introduced a new feature called "Version Comparisons" for its Zone Versioning capability on July 10, 2023. This allows users to easily view the changes made between two versions of their zone configuration in a side-by-side comparison. The purpose is to help customers ensure that any updates made are correct before deploying them into production environments, thus preventing potential issues with traffic and configurations. Version Comparisons simplifies this process by highlighting new additions and removals within the compared services. This feature is available for all Cloudflare Enterprise customers using Zone Versioning.
Jul 14, 2023 639 words in the original blog post.
Cloudflare has announced the launch of a new Data Loss Prevention (DLP) feature called Exact Data Match (EDM). This feature allows customers to securely provide specific sensitive data, such as credit card numbers or personal information, which Cloudflare will then use to identify, log, and block the presence or movement of that data within the customer's traffic or repositories. By using a finite list of hashed data provided by the customer, EDM reduces false positives compared to generic pattern matching while maintaining privacy. This feature is now available for all DLP customers.
Jul 13, 2023 619 words in the original blog post.
The author discusses how they developed a system that uses curve fitting techniques from the field of signal processing to determine maintenance windows for their servers. They use sine wave models to fit the observed CPU utilization patterns over time and extract information about periodicity, amplitude, phase, and offset. This allows them to predict when it would be safe to perform server reboots without disrupting service availability. The system is implemented in Python using the `curve_fit` function from SciPy's optimization module. They also calculate a goodness of fit measure based on chi-square statistics to assess the accuracy of each fitted sine wave model. This approach enables them to automate server reboots and optimize resource utilization while minimizing disruptions in service availability. Question: How does the author ensure that the chosen maintenance window is accurate?
Jul 12, 2023 1,677 words in the original blog post.
On July 11, 2023 at 2:00 PM, Dina Kozlov announced that Cloudflare's API Shield now allows customers to bring their own Certificate Authority (CA) for mutual TLS client authentication. This development aims to enhance security while maintaining control over the Mutual TLS configuration. Mutual TLS establishes a two-way channel of trust by having both clients and servers present certificates, allowing the server to verify client identity and authorization. API Shield's mTLS capability helps secure thousands of endpoints but requires customers to install new client certificates on devices, which can be challenging in some cases. The option to use a customer-provided CA addresses these issues and provides flexibility for regulatory requirements or existing Mutual TLS setups. Enterprise customers may upload up to five CAs using an account level endpoint that supports both API Shield and Gateway usage, with Firewall rules available for validation testing before enforcing client certificate checks on specific hostnames.
Jul 11, 2023 726 words in the original blog post.
Cloudflare experienced a DNS resolution issue due to expired signatures in .com and .net zones managed by Verisign, which caused connection errors for some customers. The error rate decreased significantly after rerouting DNS traffic via IPv6, but the underlying problem was not resolved until July 10th when Verisign confirmed they were serving stale data and had fixed the issue. Cloudflare is working on improving incident communication channels with other providers to address similar issues more efficiently in the future. The impact of this DNS failure highlights the importance of robust DNS systems for maintaining a reliable Internet experience. Question: How does CNAME flattening affect external DNS resolution?
Jul 11, 2023 2,009 words in the original blog post.
The article discusses how the Linux command-line utility `ping` handles clock adjustments on a system, which can cause confusion due to its reliance on time measurements. The author explains that when the clock goes backwards or forwards by more than 1 second, ping displays warnings like "time of day goes back" and "taking countermeasures." While this behavior is intended as a safety measure to avoid reporting incorrect latency values, it can lead users to believe there are network issues. Ping uses the system clock for measuring time intervals between sending and receiving packets. However, when the clock changes direction due to adjustments made by Network Time Protocol (NTP) daemons or leap second events, ping may display misleading information regarding latency and packet loss rates. The author demonstrates this issue using scapy, a Python library for crafting network packets. The article suggests that ignoring clock changes might be acceptable in most cases since they are rare occurrences and difficult to test. It recommends using the CLOCK_MONOTONIC time source when possible to measure durations accurately because it is not affected by adjustments or Daylight Saving Time (DST) transitions. In conclusion, ping's handling of clock changes can cause confusion for users who may interpret its warnings as indicators of network problems rather than a response to system clock manipulations. Developers could improve the utility by using CLOCK_MONOTONIC in situations where it would provide more accurate results. As long as leap seconds remain an issue, ping will likely continue displaying countermeasures for significant clock changes. To summarize: - `ping` uses the system clock to measure latency between sending and receiving packets. - When the clock goes backwards or forwards by more than 1 second due to NTP adjustments or leap seconds, ping displays warnings like "time of day goes back" and "taking countermeasures." - Using CLOCK_MONOTONIC can help measure time durations accurately without being affected by clock changes. - Ignoring clock changes might be acceptable in most cases since they are rare occurrences and difficult to test. - Ping could potentially improve its functionality by using CLOCK_MONOTONIC instead of relying on the system clock when measuring latency, particularly during significant clock adjustments or leap seconds.
Jul 11, 2023 2,663 words in the original blog post.
Cloudflare has resolved the "aCropalypse" vulnerability affecting its Image Resizing and Cloudflare Images products by introducing a fix that does not require changes to original images or cause increased latency for customers. The issue, which affects cropped JPEG and PNG files, allows third parties to recover sensitive data from an image even after it has been visually censored or cropped out. To address this vulnerability, Cloudflare implemented a solution that involves parsing the file structure of images to detect if there is any data left beyond the end-of-image marker. This was done by using Rust wrappers for libjpeg-turbo and lodepng libraries for decoding JPEGs and PNGs, respectively. The fix ensures that no sensitive information remains in cropped or modified images processed through Cloudflare's Image Resizing and Cloudflare Images products. This update demonstrates Cloudflare's commitment to maintaining the security of its services and protecting customers from potential vulnerabilities.
Jul 10, 2023 1,259 words in the original blog post.