December 14, 2021 5:48 PM
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
December 14, 2021 10:23 AM
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
December 11, 2021 1:59 PM
Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a couple of new ones....
December 10, 2021 11:39 PM
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
December 10, 2021 9:24 PM
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
December 10, 2021 6:36 PM
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
December 10, 2021 1:58 PM
Today, we’re excited to announce new integrations with mobile device management vendors Microsoft, Ivanti, JumpCloud, Kandji, and Hexnode to make the deployment of Cloudflare WARP even easier....
December 10, 2021 1:58 PM
Today we are announcing secure domain registrations bundled into enterprise contracts....
December 10, 2021 11:39 AM
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021, that results in remote code execution (RCE)....
December 09, 2021 3:53 PM
Gone are the days of the Secure Email Gateway (SEG) being an option. Cloud-native email protection with multiple deployment options are now changing the game. With winter in our minds, it’s time to start talking about “ICE.”...
December 09, 2021 1:59 PM
Cloudflare partners with leading cyber insurers and incident response providers to help customers reduce their insurance premiums and improve cyber risk....
December 09, 2021 1:59 PM
We're launching Security Center, making attack surface management actionable and accessible, built on Cloudflare’s unique visibility into Internet activity and expertise on security best practices....
December 09, 2021 1:59 PM
To improve security, we’re adding threat intel integration and geo-blocking. For visibility, we’re packet captures at the edge, a way to see packets arrive at the edge in near real-time....
December 07, 2021 1:59 PM
We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional se...
December 07, 2021 1:59 PM
Protect your team from phishing attacks by controlling user input on suspicious and sensitive websites with Cloudflare Browser Isolation....
December 06, 2021 2:00 PM
Today, we’re excited to announce new capabilities to help customers make the switch from hardware firewall appliances to a true cloud-native firewall built for next-generation networks....
December 06, 2021 1:59 PM
By combining the power of eBPF and Nftables, Magic Firewall can mitigate sophisticated attacks on infrastructure by enforcing a positive security model....
December 06, 2021 1:59 PM
Today we’re excited to announce a combination of two features, Zero Trust role-based access and selective logging. With these features, administrators will be able to protect not only their users but also the data their users generate....
December 03, 2021 1:59 PM
Cloudflare can now send proactive notifications about any application security event spike, so you are warned whenever an attack might be targeting your application....
