An exposed apt signing key and how to improve apt security
2021-12-15
Recently, we received a bug bounty report regarding the GPG signing key used for pkg.cloudflareclient.com, the Linux package repository for our Cloudflare WARP products....
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
2021-12-14
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
2021-12-14
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
Maximum redirects, minimum effort: Announcing Bulk Redirects
2021-12-13
Bulk Redirects is a new product that allows an administrator to upload and enable hundreds of thousands of URL redirects within minutes, without having to write a single line of code....
How Cloudflare Is Solving Network Interconnection for CIOs
2021-12-11
Instant network provisioning in over 1000 new locations coming over the next year makes it faster and easier than ever to interconnect with Cloudflare....
Version and Stage Configuration Changes with HTTP Applications in Beta
2021-12-11
Today, we are announcing a closed beta of HTTP Applications: a new way to safely test and deploy changes to your HTTP traffic...
What’s new with Notifications?
2021-12-11
We know that notifications are incredibly important to our customers. Cloudflare sits in between your Internet property and the rest of the world. When something goes wrong, you want to know right away because it could have a huge impact on your end users....
Updates to Cloudflare Security and Privacy Certifications and Reports
2021-12-11
Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a couple of new ones....
All the Platform Improvements We’ve Made in 2021 to Make CIOs Lives Easier
2021-12-11
While over time best practices and technologies change, we aim to ensure our platform meets the security needs and depth of control that our customers require. In that spirit, we have been busy over the past year delivering important updates to many of our platform services....
How Cloudflare security responded to Log4j 2 vulnerability
2021-12-10
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
Secure how your servers connect to the Internet today
2021-12-10
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
Actual CVE-2021-44228 payloads captured in the wild
2021-12-10
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
Inside the Log4j2 vulnerability (CVE-2021-44228)
2021-12-10
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
Cloudflare One helps optimize user connectivity to Microsoft 365
2021-12-10
Cloudflare One partners with Microsoft to optimize user connectivity to Microsoft 365...
Argo for Packets is Generally Available
2021-12-10
Today, we’re announcing the general availability of Argo for Packets, which provides IP layer network optimizations to supercharge your Cloudflare network services products....
Cloudflare announces integrations with MDM companies
2021-12-10
Today, we’re excited to announce new integrations with mobile device management vendors Microsoft, Ivanti, JumpCloud, Kandji, and Hexnode to make the deployment of Cloudflare WARP even easier....
Cloudflare Agent — Seamless Deployment at Scale
2021-12-10
Today we are excited to announce our zero trust agent now has feature parity across all major platforms. ...
Introducing Cloudflare Domain Protection — Making Domain Compromise a Thing of the Past
2021-12-10
Today we are announcing secure domain registrations bundled into enterprise contracts....
CVE-2021-44228 - Log4j RCE 0-day mitigation
2021-12-10
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021, that results in remote code execution (RCE)....
Tip of the ICEberg for Cloud-Native Email Security: Area 1 Named in the Gartner™ Market Guide for Email Security
2021-12-09
Gone are the days of the Secure Email Gateway (SEG) being an option. Cloud-native email protection with multiple deployment options are now changing the game. With winter in our minds, it’s time to start talking about “ICE.”...
