Security Operations
,
Web Application Firewalls (WAF)
Outage Briefly Disrupts Services for Zoom, LinkedIn, and Others
On Friday, Cloudflare, a prominent content delivery network provider, experienced a brief outage that affected several key websites, including well-known platforms like LinkedIn, Zoom, and Canva. This incident is notably the second disruption in a month, although the company asserts that the causes are distinct.
The outage prompted numerous users to report an internal server error while trying to access these services. Fortunately, the affected websites have since regained functionality. According to a Cloudflare representative, the disruption was first detected around 8:47 GMT and was linked to the parsing of requests by the company’s web application firewall, which impacted network availability.
Clarifying the nature of the incident, the spokesperson emphasized that it was not the result of a cyberattack but rather an internal change aimed at mitigating a recently disclosed vulnerability in React Server Components. This adjustment was made to bolster their web application firewall against potential exploitation of these vulnerabilities, which had been outlined in a recent blog post by Cloudflare.
Online monitoring service DownDetector, which also experienced complications due to the outage, recorded nearly 4,000 reports throughout Friday, predominantly citing server connectivity issues. This incident underscores the increasing frequency of disruptions tied to the integration complexities of technology stacks used by major service providers. Given these companies’ extensive market presence across various sectors, a single technical malfunction can lead to widespread impact.
It is worth noting that a previous Cloudflare outage in November caused considerable internet disruptions lasting several hours. The company attributed that event to a database update intended to block bot traffic, which inadvertently resulted in what resembled an internal distributed denial-of-service attack.
Similar incidents highlight the vulnerabilities inherent in large-scale technology operations. An October failure within Amazon Web Services disrupted banking functions for institutions such as Lloyds and Halifax, while a botched software update in 2024 by cybersecurity firm CrowdStrike led to 8.5 million Windows machines going offline.
For businesses leveraging Cloudflare or similar platforms, this recent outage serves as a reminder of the pressing need to remain vigilant against potential cybersecurity risks. Adversary tactics relevant to this incident may include initial access strategies, privilege escalation, and network disruption techniques from the MITRE ATT&CK framework. Understanding these tactics can help organizations prepare and fortify their defenses against future disruptions.
