Security for SaaS providers
March 15, 2022 12:59 PM
Today, we’re excited to give our SaaS providers new tools that will help them enhance the security of their customers’ applications...
A new WAF experience
March 15, 2022 12:59 PM
The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...
Democratizing email security: protecting individuals and businesses of all sizes from phishing and malware attacks
March 14, 2022 12:59 PM
Once the acquisition of Area 1 closes, we plan to give all paid self-serve plans access to their email security technology at no additional charge...
How Cloudflare verifies the code WhatsApp Web serves to users
March 10, 2022 6:30 PM
Understand how Cloudflare is helping WhatsApp verify the code they’re using for secure messaging hasn’t been tampered with...
Cloudflare, CrowdStrike, and Ping Identity launch the Critical Infrastructure Defense Project
March 07, 2022 1:59 PM
Today, Cloudflare is launching the Critical Infrastructure Defense Project. The Project was born out of conversations with cybersecurity and government experts concerned about potential retaliation to the sanctions that resulted from the Russian invasion of Ukraine...
MORE POSTS
March 04, 2022 4:46 PM
Shields up: free Cloudflare services to improve your cyber readiness
Whether you’re a seasoned IT professional or a novice website operator, these free Cloudflare resources are available for you today. Beyond these free resources, there are a few simple steps that you can take to help stay protected online...
- By
February 24, 2022 5:30 PM
Cloudflare re-enforces commitment to security in Germany via BSIG audit
As Cloudflare expands globally, Rebecca Rogers, Manager of Security Validations, discusses an exciting update to Cloudflare’s commitment to customer security for our German customers...
- By
February 23, 2022 10:00 PM
Why we are acquiring Area 1
Earlier today we announced that Cloudflare has agreed to acquire Area 1 Security...
- By
February 23, 2022 1:59 PM
BGP security and confirmation biases
On February 1, 2022, a configuration error on one of our routers caused a route leak of up to 2,000 Internet prefixes to one of our Internet transit providers. This leak lasted for 32 seconds and at a later time 7 seconds...
- By
February 10, 2022 9:18 PM
Adding a CASB to Cloudflare Zero Trust
Earlier today, Cloudflare announced that we have acquired Vectrix, a cloud-access security broker (CASB) company focused on solving the problem of control and visibility in the SaaS applications and public cloud providers that your team uses...
- By
February 01, 2022 5:28 PM
Announcing the public launch of Cloudflare's bug bounty program
Today we are launching Cloudflare’s paid public bug bounty program. We believe bug bounties are a vital part of every security team’s toolbox and have been working hard on improving and expanding our private bug bounty program over the last few years...
- By
January 26, 2022 1:59 PM
Landscape of API Traffic
More than 50% of all traffic processed by Cloudflare is API-based, and it’s growing twice as fast as traditional web traffic. This huge growth is driven by a few industries, and it calls for the development of dedicated security solutions...
- By
December 31, 2021 1:54 PM
Looking Forward: Some Predictions for 2022
As we approach the end of the year, let's look ahead at some trends and predictions for 2022...
- By
December 15, 2021 1:56 PM
Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....
- By
December 15, 2021 1:56 PM
An exposed apt signing key and how to improve apt security
Recently, we received a bug bounty report regarding the GPG signing key used for pkg.cloudflareclient.com, the Linux package repository for our Cloudflare WARP products....
- By
December 14, 2021 5:48 PM
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
- By
December 14, 2021 10:23 AM
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
- By
December 11, 2021 1:59 PM
Updates to Cloudflare Security and Privacy Certifications and Reports
Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a co...
- By
December 10, 2021 11:39 PM
How Cloudflare security responded to Log4j 2 vulnerability
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
- By