Cyber Security Headlines

Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Oct 2, 2023

Cloudflare's protection bypassed; McLaren Health Care victimized; Lazarus Group impersonates Meta recruiters; CISOseries.com covers the stories behind the headlines: bypass in Cloudflare's firewall discovered, McLaren Healthcare falls victim to a cyber group, Lazarus Group targets Spanish engineers, critical vulnerability in Microsoft SharePoint Server found.

07:08

Creator website

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Cloudflare's DDoS protections can be bypassed through logic flaws in cross-tenant security controls.

Lazarus Group impersonates Meta recruiters to launch sophisticated attacks on Spanish engineers.

Deep dives

Cloudflare's DDoS protections can be bypassed using a free account

A researcher has discovered that Cloudflare's firewall and DDoS prevention can be bypassed by leveraging logic flaws in cross-tenant security controls. This vulnerability arises from Cloudflare's strategy of using shared infrastructure that accepts connections from all tenants. The researcher identified the vulnerabilities in Cloudflare's authenticated origin polls and allow list Cloudflare IP addresses. Despite reporting the issue to Cloudflare, it was marked as 'informative' and not addressed.

Cloudflare's protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

3min

Vulnerability, iPhone Overheating, Xenomorph Malware, Chat GPT Update, Ransomware Summary

4min

Cloudflare DDoS protections bypassed using Cloudflare

McLaren Health Care becomes latest ALPHV/BlackCat victim

Lazarus Group poses as Meta recruiters to spearfish Spanish engineers

Thanks to our episode sponsor, Conveyor

Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas?

Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles.

Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds.

Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com.

For the stories behind the headlines, head to CISOseries.com.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cyber Security Headlines

Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Cloudflare's DDoS protections can be bypassed using a free account

Lazarus Group poses as recruiters to target Spanish engineers

Remember Everything You Learn from Podcasts