December 11, 2021 1:59PM
Updates to Cloudflare Security and Privacy Certifications and Reports
Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a couple of new ones....
December 10, 2021 11:39PM
How Cloudflare security responded to Log4j 2 vulnerability
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
December 10, 2021 9:24PM
Secure how your servers connect to the Internet today
Cloudflare Zero Trust
Zero Day Threats
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....
December 10, 2021 9:06PM
Actual CVE-2021-44228 payloads captured in the wild
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
December 10, 2021 6:36PM
Inside the Log4j2 vulnerability (CVE-2021-44228)
Zero Day Threats
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....