c
March 28, 2024, 3:09 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Oasis Security. Written by Roey Rozi, Director of Solutions Architecture, Oasis Security. Cloudflare disclosed on February 2nd that it had been breached by a suspected nation-state attacker. This breach exploited multiple unrotated and exposed secrets. The chain of events began with the Okta breach in October 2023, during which the attacker gained administrative access to Cloudflare’s Okta system. Although the Cloudflare team attempted to rotate all relevant credential...

architecture attacker breach breached cloudflare director events exploited exposed february human identities nation non non-human identities oasis october okta okta breach secrets security solutions state written

More from cloudsecurityalliance.org / Cloud Security Alliance

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

Cyber Security Strategy Consultant

@ Capco | New York City

Cyber Security Senior Consultant

@ Capco | Chicago, IL

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States