IANS Cyber Intel

Security Briefing: Cloudflare Loses Logs, LogoFAIL Exploited, Firefox Zero Days

Listen Later

December 4th, 2024 Security Briefing with IANS Faculty Wolfgang Goerlich and Jake Williams

This Episode Details:

  • Cloudflare’s Missing Logs - On November 14, Cloudflare made changes to an internal service that resulted in the loss of 55% of all logs pushed to customers over a 3.5 hour period. Users of the “Cloudflare Logs” service were impacted by what can only be described as a cascading failure.
    • LogoFAIL Actively Exploited - Last week, researchers discovered code named BootKitty that was using the LogoFAIL vulnerability to exploit UEFI and load malware at boot time. Malware deployed in this manner loads before any security products and breaks the “secure boot” paradigm.
      • RomCom’s Firefox Zero Days - Security firm ESET has identified that the Russian-attributed threat actor group RomCom is using an exploit chain of two zero-day vulnerabilities in Firefox to exploit targets across Europe and North America. The exploits do not require user interaction (zero-click).


        • With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

        Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

        ...more
        View all episodesView all episodes
        Download on the App Store
        IANS Cyber IntelBy IANS Research