ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Security Briefing: Cloudflare Loses Logs, LogoFAIL Exploited, Firefox Zero Days"
Episode Synopsis
December 4th, 2024 Security Briefing with IANS Faculty Wolfgang Goerlich and Jake Williams
This Episode Details:
Cloudflare’s Missing Logs - On November 14, Cloudflare made changes to an internal service that resulted in the loss of 55% of all logs pushed to customers over a 3.5 hour period. Users of the “Cloudflare Logs” service were impacted by what can only be described as a cascading failure.
LogoFAIL Actively Exploited - Last week, researchers discovered code named BootKitty that was using the LogoFAIL vulnerability to exploit UEFI and load malware at boot time. Malware deployed in this manner loads before any security products and breaks the “secure boot” paradigm.
RomCom’s Firefox Zero Days - Security firm ESET has identified that the Russian-attributed threat actor group RomCom is using an exploit chain of two zero-day vulnerabilities in Firefox to exploit targets across Europe and North America. The exploits do not require user interaction (zero-click).
With IANS Research, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.
Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.
This Episode Details:
Cloudflare’s Missing Logs - On November 14, Cloudflare made changes to an internal service that resulted in the loss of 55% of all logs pushed to customers over a 3.5 hour period. Users of the “Cloudflare Logs” service were impacted by what can only be described as a cascading failure.
LogoFAIL Actively Exploited - Last week, researchers discovered code named BootKitty that was using the LogoFAIL vulnerability to exploit UEFI and load malware at boot time. Malware deployed in this manner loads before any security products and breaks the “secure boot” paradigm.
RomCom’s Firefox Zero Days - Security firm ESET has identified that the Russian-attributed threat actor group RomCom is using an exploit chain of two zero-day vulnerabilities in Firefox to exploit targets across Europe and North America. The exploits do not require user interaction (zero-click).
With IANS Research, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.
Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.
More episodes of the podcast IANS Cyber Intel
Security Briefing: Exchange Vulns, SonicWall Zero Day That Wasn’t, GitHub to Join MSFT’s CoreAI
13/08/2025
Security Briefing: Mobile Provider Leaks Location Data, ConnectWise Breach, Red Canary Acquired
04/06/2025
Security Briefing: EU Souring on US Cloud Providers, CISA Cuts, Supply Chain Cautionary Tale
09/04/2025
The State of the CISO in 2025
17/02/2025
In God we trust