Zero Day Threats

How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability

01/23/2024

The issuance of Emergency Rules by Cloudflare on January 17, 2024, helped give customers a big advantage in dealing with these threats...

How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability

Announcing WAF Attack Score Lite and Security Analytics for business customers

03/15/2023

Security Week WAF AI Security Zero Day Threats

We are making the machine learning empowered WAF and Security analytics view available to our Business plan customers, to help detect and stop attacks before they are known...

Radwa Radwan

Cloudflare observations of Confluence zero day (CVE-2022-26134)

06/05/2022

Vulnerabilities WAF Zero Day Threats

On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

03/29/2022

Remote Browser Isolation Zero Day Threats Zero Trust CVE Vulnerabilities Cloudflare Zero Trust SASE

CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched...

Tim Obezuk

Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability

12/14/2021

Logs Vulnerabilities Zero Day Threats Security Log4J Log4Shell

Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....

December 10, 2021 9:24 PM

Secure how your servers connect to the Internet today

The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...

Sam Rhea

Cloudflare Zero Trust

, Cloudflare One

, Zero Trust

, Cloudflare Gateway

, Zero Day Threats

December 10, 2021 6:36 PM

Inside the Log4j2 vulnerability (CVE-2021-44228)

In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....

John Graham-Cumming

Vulnerabilities

, Zero Day Threats

, Security

, WAF Rules

, Log4J

December 10, 2021 11:39 AM

CVE-2021-44228 - Log4j RCE 0-day mitigation

A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possibl...