
“Cloudflare’s disclosure of the Salesloft/Drift incident stands as an excellent example of transparency and accountability in cyber security reporting. Its blog not only provides clear technical details, but also openly accepts responsibility for the risks generated by the third-party integration,” Say said. “By moving to strengthen its SaaS and toolchain protections, Cloudflare demonstrated both maturity and leadership in its response to the event, setting a high bar for how organizations should communicate, remediate and strengthen confidence after a supply chain compromise.”
OAuth token revocation
Erik Avakian, technical consultant at Info-Tech Research Group and former state CISO for the Commonwealth of Pennsylvania, recommended that users should “periodically revoke and refresh unused OAuth tokens and, where possible, enforce expiration, which are all basic zero trust principles.”
“This incident also explains why this type of attack reflects an increase in SaaS risk. When we are relying on third-party apps with direct API access, we are really relying on them to carefully secure our authentication tokens. But if we focus and employ a zero trust mentality in our environment, we should actually treat third-party applications and SaaS like any other external network.”

