MORE POSTS
February 10, 2022 9:18 PM
Adding a CASB to Cloudflare Zero Trust
Earlier today, Cloudflare announced that we have acquired Vectrix, a cloud-access security broker (CASB) company focused on solving the problem of control and visibility in the SaaS applications and public cloud providers that your team uses...
February 01, 2022 5:28 PM
Announcing the public launch of Cloudflare's bug bounty program
Today we are launching Cloudflare’s paid public bug bounty program. We believe bug bounties are a vital part of every security team’s toolbox....
January 26, 2022 1:59 PM
Landscape of API Traffic
More than 50% of all traffic processed by Cloudflare is API-based, and it’s growing twice as fast as traditional web traffic. This growth calls for the development of dedicated security solutions....
December 31, 2021 1:54 PM
Looking Forward: Some Predictions for 2022
As we approach the end of the year, let's look ahead at some trends and predictions for 2022...
December 15, 2021 1:56 PM
Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
This vulnerability is actively being exploited and anyone using Log4j should update to version 2.16.0 as soon as possible. The latest version is available on the Log4j download page....
December 15, 2021 1:56 PM
An exposed apt signing key and how to improve apt security
Recently, we received a bug bounty report regarding the GPG signing key used for pkg.cloudflareclient.com, the Linux package repository for our Cloudflare WARP products....
December 14, 2021 5:48 PM
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
December 14, 2021 10:23 AM
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
December 11, 2021 1:59 PM
Updates to Cloudflare Security and Privacy Certifications and Reports
Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a co...
December 10, 2021 11:39 PM
How Cloudflare security responded to Log4j 2 vulnerability
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
December 10, 2021 9:24 PM
Secure how your servers connect to the Internet today
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....
December 10, 2021 9:06 PM
Actual CVE-2021-44228 payloads captured in the wild
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
December 10, 2021 6:36 PM
Inside the Log4j2 vulnerability (CVE-2021-44228)
In this post we explain the history of this vulnerability, how it was introduced, and how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
December 10, 2021 1:58 PM
Cloudflare announces integrations with MDM companies
Today, we’re excited to announce new integrations with mobile device management vendors Microsoft, Ivanti, JumpCloud, Kandji, and Hexnode to make the deployment of Cloudflare WARP even easier....