Cloudflare Blog: Security

Introducing the Project Argus Datacenter-ready Secure Control Module design specification

October 16, 2023 6:53PM

The DC-SCM (Datacenter-ready Secure Control Module) decouples server management from the server motherboard. It provides flexibility to implement multiple server management and security solutions with the same server motherboard design...

HTTP/2 Rapid Reset: deconstructing the record-breaking attack

October 10, 2023 1:02PM

DDoS Vulnerabilities Trends Attacks Security

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected...

HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks

October 10, 2023 1:02PM

Security Vulnerabilities Attacks DDoS

The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...

Grant Bourzikas

Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed

October 05, 2023 4:00PM

Vulnerabilities Chrome WebP Security Swift

Recently, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome." Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome...

Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network

October 03, 2023 1:55PM

Product News Security Magic WAN Magic WAN Connector SASE

We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ...

Annika Garbers

October 02, 2023 2:00PM

Birthday Week recap: everything we announced — plus an AI-powered opportunity for startups

Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...

By

Dina Kozlov
, Mia Wang

Birthday Week , Product News , AI , Turnstile , CAPTCHA

September 29, 2023 2:00PM

Cloudflare now uses post-quantum cryptography to talk to your origin server

Starting today, you can secure the connection between Cloudflare and your origin server with post-quantum cryptography...

By

Birthday Week , Post-Quantum , Research , Cryptography , Security

September 29, 2023 2:00PM

Detecting zero-days before zero-day

In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....

By

Michael Tremante

Birthday Week , WAF , Security , AI

September 29, 2023 2:00PM

Cloudflare is free of CAPTCHAs; Turnstile is free for everyone

Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use....

By

Birthday Week , Product News , Turnstile , CAPTCHA , Speed & Reliability

September 25, 2023 2:00PM

Cloudflare account permissions, how to use them, and best practices

Cloudflare has a lot of new roles, how should we use them, and how can we stay safe...

By

Joseph So

Birthday Week , Security

September 15, 2023 2:00PM

Making Content Security Policies (CSPs) easy with Page Shield

We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...

By

Michael Tremante

Page Shield , Security

August 21, 2023 3:15PM

Application Security Report: Q2 2023

We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...

By

Cloudflare Radar , Security , WAF , Bots , DDoS

August 21, 2023 2:00PM

An August reading list about online security and 2023 attacks landscape

Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...

By

João Tomé

Reading List , Security , Attacks , DDoS , Ransom Attacks

August 09, 2023 2:00PM

Introducing per hostname TLS settings — security fit to your needs

Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...

By

Dina Kozlov

Security , SSL , TLS , Product News