Cloudflare outage caused by botched blocking of phishing URL – BleepingComputer
Microsoft says attackers use exposed ASP.NET keys to deploy malwareMicrosoft Edge update adds AI-powered Scareware BlockerCritical RCE bug in Microsoft Outlook now exploited in attacksKimsuky hackers use new custom RDP Wrapper for remote accessMassive brute force attack uses 2.8 million IPs to target VPN devicesTurn your phone into a powerful scanner for just $41.99 with this SwiftScan dealHPE notifies employees of data breach after Russian Office 365 hackHackers exploit Cityworks RCE bug to breach Microsoft IIS serversHow to access the Dark Web using the Tor BrowserHow to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11How to use the Windows Registry EditorHow to backup and restore the Windows RegistryHow to start Windows in Safe ModeHow to remove a Trojan, Virus, Worm, or other MalwareHow to show hidden files in Windows 7How to see hidden files in WindowsRemove the Theonlinesearch.com Search RedirectRemove the Smartwebfinder.com Search RedirectHow to remove the PBlock+ adware browser extensionRemove the Toksearches.xyz Search RedirectRemove Security Tool and SecurityTool (Uninstall Guide)How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundoHow to remove Antivirus 2009 (Uninstall Instructions)How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKillerLocky Ransomware Information, Help Guide, and FAQCryptoLocker Ransomware Information Guide and FAQCryptorBit and HowDecrypt Information Guide and FAQCryptoDefense and How_Decrypt Ransomware Information Guide and FAQQualys BrowserCheckSTOPDecrypterAuroraDecrypterFilesLockerDecrypterAdwCleanerComboFixRKillJunkware Removal TooleLearningIT Certification CoursesGear + GadgetsSecurityBest VPNsHow to change IP addressAccess the dark web safelyBest VPN for YouTubeAn attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.Cloudflare R2 is an object storage service similar to Amazon S3, designed for scalable, durable, and low-cost data storage. It offers cost-free data retrievals, S3 compatibility, data replication across multiple locations, and Cloudflare service integration.The outage occurred yesterday when an employee responded to an abuse report about a phishing URL in Cloudflare’s R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.”During a routine abuse remediation, action was taken on a complaint that inadvertently disabled the R2 Gateway service instead of the specific endpoint/bucket associated with the report,” explained Cloudflare in its post-mortem write-up.”This was a failure of multiple system level controls (first and foremost) and operator training.”The incident lasted for 59 minutes, between 08:10 and 09:09 UTC, and apart from the R2 Object Storage itself, it also affected services such as: There were also indirectly impacted services that experienced partial failures like Durable Objects, which had a 0.09% error rate increase due to reconnections after recovery, Cache Purge, which saw a 1.8% increase in errors (HTTP 5xx) and 10x latency spike, and Workers & Pages, that had a 0.002% deployment failures, affecting only projects with R2 bindings.Cloudflare notes that both human error and the absence of safeguards such as validation checks for high-impact actions were key to this incident.The internet giant has now implemented immediate fixes like removing the ability to turn off systems in the abuse review interface and restrictions in the Admin API to prevent service disablement in internal accounts.Additional measures to be implemented in the future include improved account provisioning, stricter access control, and a two-party approval process for high-risk actions.In November 2024, Cloudflare experienced another notable outage for 3.5 hours, resulting in the irreversible loss of 55% of all logs in the service.That incident was caused by cascading failures in Cloudflare’s automatic mitigation systems triggered by pushing a wrong configuration to a key component in the company’s logging pipeline.DDoS attacks reportedly behind DayZ and Arma network outagesMicrosoft MFA outage blocking access to Microsoft 365 appsGet a 1TB Koofr lifetime cloud storage subscription on sale in this dealMajor GitHub outage affects pull requests and other servicesMicrosoft investigates Microsoft 365 outage affecting users, adminsNot a member yet? Register NowCritical RCE bug in Microsoft Outlook now exploited in attacksCISA orders agencies to patch Linux kernel bug exploited in attacksCritical Cisco ISE bug can let attackers run commands as rootRequest your complimentary data risk assessment for AWSProtecting Against Malicious Browser Extensions: The Complete GuideGet the GOAT Guide to learn how to start validating, start defending, and start winning.Password health-check overdue? Audit your Active Directory for freeRDP Security Simplified – No VPN, No Firewall Exposure. Get a free TruGrid business trial.Terms of Use – Privacy Policy – Ethics Statement – Affiliate DisclosureCopyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights ReservedNot a member yet? Register NowRead our posting guidelinese to learn what content is prohibited.
