Catalin Cimpanu on Nostr: Cado Security has discovered threat actors abusing Cloudflare's WARP service to ...
Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaissance attacks.
Cado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.
The company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.
https://www.cadosecurity.com/news-and-events/warpscan-cloudflare-warp-abused-to-hijack-cloud-services
Published at 2024-07-18 16:33:57
Event JSON
{
"id": "8c506f0de6d120af39159004039802de7111c8e9d60f4d84ce324335c54d30c6",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1721313237,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/112807984299398814",
"activitypub"
]
],
"content": "Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaisance attacks.\n\nCado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.\n\nThe company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.\n\nhttps://www.cadosecurity.com/news-and-events/warpscan-cloudflare-warp-abused-to-hijack-cloud-services",
"sig": "dd7ec7981965d75621d561ee1e11a9d176dcb7f86b34178aba344c566f84b58fe8d695ba53b1902ff2a68b62cf1898c8cdfc9372a839575cd79c06ee25d6e57e"
}