Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the last twelve months, the Internet security landscape has changed dramatically. Geopolitical uncertainty, coupled with an active 2024 voting season in many countries across the world, has led to a substantial increase in malicious traffic activity across the Internet. In this report, we take a look at Cloudflare’s perspective on Internet application security. This report is the fourth edition of our Application Security Report and is an official update to our Q2 2023 report.

Russian state-sponsored media organization RT has been using AI-powered software to generate realistic social media personas and spread disinformation for the past two years. This sophisticated tool, known as Meliorator, has been employed to target multiple countries, including the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel. Meliorator's Capabilities.

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.

Regularly updating the software on your connected devices is essential to keep them secure from cyber-attacks. To maintain security, it is crucial to install software updates that often contain important security patches that fix vulnerabilities that hackers could exploit. Without these updates, your devices could be at risk of being hacked. Keeping software up to date is vital for cybersecurity and performance, ensuring your devices are protected against vulnerabilities and run efficiently.

Paul Lockley – VP Sales, EMEA In the ever-evolving landscape of transportation, the emergence of Connected and Automated Vehicles (CAVs) presents a promising shift towards safer, greener, and more accessible mobility solutions. However, as we embark on this transformative journey, it’s imperative to address the ethical considerations inherent in the development and deployment of CAVs.

Amazon S3 buckets have become a cornerstone of cloud storage for businesses worldwide. AWS services, including S3, are integral to cloud storage and security. Their scalability and cost-effectiveness make them attractive, but this popularity comes with heightened security risks.

The digital landscape is wild--and getting wilder. Research from Rubrik Zero Labs shows that cyber attacks are on the rise, with 94% of organizations reporting a significant attack in the last year. And the attacks are effectively disrupting business, with 62% of those reporting an attack revealing that their systems were compromised. So security teams need to use all of the tools in their toolkits to protect the enterprise.

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?