Cloudflare security news


JSON syntax hack allowed SQLi payloads to sneak past WAFs

09 December 2022: Five vendors act to thwart generic hack

Killing CAPTCHA

04 July 2022: Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests

Oblivious DNS-over-HTTPS

14 June 2022: Experimental protocol offers privacy by separating IP addresses from queries

Hiding in the shadows

13 June 2022: Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns

ImpressCMS

30 March 2022: SQL injection protections in open source software could be bypassed to achieve RCE

Cloudflare bug bounty program goes public

03 February 2022: Silicon Valley firm has paid out more than $200,000 since private program’s 2018 launch

White House FOSS summit

17 January 2022: Biden administration tackles ‘unique security challenges’ faced by open source ecosystem

DDoS demands

10 January 2022: Attacks increasing year on year as cybercriminals demand extortionate payouts

Meris botnet leverages HTTP pipelining to smash DDoS attack records

16 September 2021: Source of attacks ‘almost entirely composed of Mikrotik devices’

DNS disruption

12 August 2021: Exhaustive study puts China’s infamous Great Firewall under the microscope

Code execution

16 July 2021: Vulnerability in Cloudflare CDN could have allowed complete compromise of websites

Telecoms industry facing increased DDoS attacks

21 April 2021: New research from Cloudflare details cyber-attack trends of 2021 so far

Script Monitor

25 March 2021: Cloudflare utility warns against Magecart-style malfeasance

H2C smuggling in the wild

24 March 2021: Technique proves effective against Azure, Cloudflare Access, and more

KEMTLS

25 January 2021: Cloudflare trials new encryption mechanism in anticipation of post-quantum TLS shortcomings

Encrypted Client Hello

08 January 2021: Firefox 85 builds momentum for successor to ESNI protocol

SAD DNS

16 November 2020: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’

Make Websites Safe Again

28 October 2020: Compromised credentials most likely vector in Trump election site hack

What is HTTP/3?

27 October 2020: Everything you need to know about the next-generation web protocol

Cat and mouse

11 August 2020: Privacy advocates fight back after China tightens surveillance controls

Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack

05 August 2020: Flawed cache keys unlock a giant backdoor to your website

Cloudflare tracks massive spike in cyber-attacks as protests rage against George Floyd death

03 June 2020: Anti-racist groups and government sites were peppered with malicious HTTP requests over the weekend

Cloudflare releases network scanning tool to the masses

22 November 2019: … infosec backlash ensues

WARP speed engaged with new mobile app

30 September 2019

Cloudflare takes HTTP/3 to the edge

26 September 2019: Rollout of revamped internet standard begins

Fixing the privacy gap

25 September 2018: Cloudflare rolls out encrypted SNI

Cloudflare tries to secure the internet, blocks users instead

29 June 2018: Some public WiFi networks inaccessible after move to tighten security of 1.1.1.1

‘By the end of this year, we’ll be in 100 countries’

15 June 2018: Cloudflare CEO Matthew Prince discusses the company’s rapid expansion, the importance of building trust, and what’s next for the content delivery network provider

Cloudflare launches Tor hidden service for DNS resolver

06 June 2018: The power of Tor has been combined with the privacy-preserving features of 1.1.1.1

Cloudflare releases new public DNS

04 April 2018: “The internet’s fastest, privacy first consumer DNS service,” claims the web security provider