Cyber Security Headlines

Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Oct 2, 2023

Cloudflare's protection bypassed; McLaren Health Care victimized; Lazarus Group impersonates Meta recruiters; CISOseries.com covers the stories behind the headlines: bypass in Cloudflare's firewall discovered, McLaren Healthcare falls victim to a cyber group, Lazarus Group targets Spanish engineers, critical vulnerability in Microsoft SharePoint Server found.

07:08

Creator website

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Cloudflare's DDoS protections can be bypassed through logic flaws in cross-tenant security controls.

Lazarus Group impersonates Meta recruiters to launch sophisticated attacks on Spanish engineers.

Deep dives

Cloudflare's DDoS protections can be bypassed using a free account

A researcher has discovered that Cloudflare's firewall and DDoS prevention can be bypassed by leveraging logic flaws in cross-tenant security controls. This vulnerability arises from Cloudflare's strategy of using shared infrastructure that accepts connections from all tenants. The researcher identified the vulnerabilities in Cloudflare's authenticated origin polls and allow list Cloudflare IP addresses. Despite reporting the issue to Cloudflare, it was marked as 'informative' and not addressed.

Cloudflare's protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

3min

Vulnerability, iPhone Overheating, Xenomorph Malware, Chat GPT Update, Ransomware Summary

4min

Cloudflare DDoS protections bypassed using Cloudflare

McLaren Health Care becomes latest ALPHV/BlackCat victim

Lazarus Group poses as Meta recruiters to spearfish Spanish engineers

Thanks to our episode sponsor, Conveyor

Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas?

Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles.

Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds.

Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com.

For the stories behind the headlines, head to CISOseries.com.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cyber Security Headlines

Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Cloudflare's DDoS protections can be bypassed using a free account

Lazarus Group poses as recruiters to target Spanish engineers

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights