Cloudflare Blog: Security

Getting Cloudflare Tunnels to connect to the Cloudflare Network with QUIC

October 20, 2021 2:00PM

It is now possible to connect a Cloudflare Tunnel to the Cloudflare network with QUIC. While doing this, we ran into an interesting connectivity problem unique to UDP....

Sudarsan Reddy

Zero Trust — Not a Buzzword

October 20, 2021 2:00AM

Zero Trust Security VPN

Over the last few years, Zero Trust, a term coined by Forrester, picked up a lot of steam. Zero Trust, in its core, is a network architecture and security framework focusing on not having a distinction between external and internal access environments, and never trusting users/roles....

Fernando Serto

Privacy-Preserving Compromised Credential Checking

October 14, 2021 1:59PM

Research Security Product News

Announcing a public demo and open-sourced implementation of a privacy-preserving compromised credential checking service...

Research Directions in Password Security

October 14, 2021 1:59PM

Research Security Product News

We've been studying password problems, including malicious logins using compromised credentials. Here's what we learned and here's where we think we can go from here with safer password systems....

Introducing SSL/TLS Recommender

October 12, 2021 2:01PM

Research Security SSL TLS Product News

Introducing customized recommendations to improve the security of your website....

October 12, 2021 1:59PM

Dynamic Process Isolation: Research by Cloudflare and TU Graz

Cloudflare worked with TU Graz to study the impact of Spectre on Cloudflare Workers and to develop new defenses against it. Today we're publishing a paper about our research....

By

Kenton Varda

Research , Cloudflare Workers , Security

October 12, 2021 1:59PM

Handshake Encryption: Endgame (an ECH update)

In this post, we’ll dig into ECH details and describe what this protocol does to move the needle to help build a better Internet....

By

Christopher Wood
, Christopher Patton

Research , Protocols , Security , Privacy , TLS

October 12, 2021 1:59PM

Privacy Pass v3: the new privacy bits

A new version of Privacy Pass for reducing the number of CAPTCHAs....

By

Research , Security , Privacy Pass , CAPTCHA

October 08, 2021 11:29AM

Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)

On September 29th 2021, the Apache Security team was alerted of a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. Customers running the affected Apache version, should update to 2.5.51 as soon as possible....

By

Michael Tremante

WAF Rules , Security , Vulnerabilities , Cloudflare Access

October 01, 2021 1:05AM

May I ask who’s calling, please? A recent rise in VoIP DDoS attacks

Over the past month, multiple Voice over Internet Protocol (VoIP) providers have been targeted by Distributed Denial of Service (DDoS) attacks from entities claiming to be REvil....

By

Omer Yoachimik
, Alex Forster

Device Security , Security , DDoS , VoIP , Ransom DDoS

September 14, 2021 1:58PM

Data at Cloudflare just got a lot faster: Announcing Live-updating Analytics and Instant Logs

Today, we’re excited to introduce Live-updating Analytics and Instant Logs. For Pro, Business, and Enterprise customers, our analytics dashboards now update in real time. In addition to this, Enterprise customers can now view their HTTP request logs instantly in the Cloudflare dashboard....

By

Jon Levine
, Tanushree Sharma

Speed Week , Logs , Product News , Security , Analytics

September 08, 2021 10:18AM

How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released

On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....

By

Michael Tremante

WAF Rules , Security , Vulnerabilities , Cloudflare Access

August 23, 2021 2:08PM

Making Magic Transit health checks faster and more responsive

Magic Transit advertises our customer’s IP prefixes directly from our edge network, applying DDoS mitigation and firewall policies to all traffic destined for the customer’s network....

By

Meyer Zinn

Magic Transit , Security , Network Interconnect , Network Services

August 12, 2021 2:00PM

More devices, fewer CAPTCHAs, happier users

Today, we are taking another step in helping to reduce the Internet’s reliance on CAPTCHAs to prove that you are not a robot. We are expanding the reach of our Cryptographic Attestation of Personhood experiment by adding support for a much wider range of devices....

By

Wesley Evans
, Tara Whalen

Research , Security , Product News , Accessibility