Looking Forward: Some Predictions for 2022
December 31, 2021 1:54 PM
As we approach the end of the year, let's look ahead at some trends and predictions for 2022...
Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
December 15, 2021 1:56 PM
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....
An exposed apt signing key and how to improve apt security
December 15, 2021 1:56 PM
Recently, we received a bug bounty report regarding the GPG signing key used for pkg.cloudflareclient.com, the Linux package repository for our Cloudflare WARP products....
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
December 14, 2021 5:48 PM
In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
December 14, 2021 10:23 AM
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
MORE POSTS
December 10, 2021 11:39 PM
How Cloudflare security responded to Log4j 2 vulnerability
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
- By
December 10, 2021 9:24 PM
Secure how your servers connect to the Internet today
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
- By
December 10, 2021 9:06 PM
Actual CVE-2021-44228 payloads captured in the wild
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
- By
December 10, 2021 6:36 PM
Inside the Log4j2 vulnerability (CVE-2021-44228)
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
- By
December 10, 2021 1:58 PM
Cloudflare announces integrations with MDM companies
Today, we’re excited to announce new integrations with mobile device management vendors Microsoft, Ivanti, JumpCloud, Kandji, and Hexnode to make the deployment of Cloudflare WARP even easier....
- By
December 10, 2021 1:58 PM
Introducing Cloudflare Domain Protection — Making Domain Compromise a Thing of the Past
Today we are announcing secure domain registrations bundled into enterprise contracts....
- By
December 10, 2021 11:39 AM
CVE-2021-44228 - Log4j RCE 0-day mitigation
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possibl...
- By
December 09, 2021 3:53 PM
Tip of the ICEberg for Cloud-Native Email Security: Area 1 Named in the Gartner™ Market Guide for Email Security
Gone are the days of the Secure Email Gateway (SEG) being an option. Cloud-native email protection with multiple deployment options are now changing the game. With winter in our minds, it’s time to start talking about “ICE.”...
- By
December 09, 2021 1:59 PM
Cloudflare announces partnerships with leading cyber insurers and incident response providers
Cloudflare partners with leading cyber insurers and incident response providers to help customers reduce their insurance premiums and improve cyber risk....
- By
December 09, 2021 1:59 PM
Introducing Cloudflare Security Center
Today we're launching Security Center, which is making attack surface management actionable and accessible for everyone, built on Cloudflare’s unique visibility into Internet activity and expertise on security best practices....
- By
December 09, 2021 1:59 PM
Shadow IT: make it easy for users to follow the rules
We’re excited to announce updates to Cloudflare for Teams that address Shadow IT challenges. Our Zero Trust platform provides a framework to identify new applications, block applications and provide a single location for approved applications....
- By
December 09, 2021 1:59 PM
Magic Firewall gets Smarter
To improve security, we’re adding threat intel integration and geo-blocking. For visibility, we’re packet captures at the edge, a way to see packets arrive at the edge in near real-time....
- By
December 07, 2021 1:59 PM
Store your Cloudflare logs on R2
We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional se...
- By
December 07, 2021 1:59 PM
Control input on suspicious sites with Cloudflare Browser Isolation
Protect your team from phishing attacks by controlling user input on suspicious and sensitive websites with Cloudflare Browser Isolation....
- By