June 2022 Summaries
50 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
Cloudflare introduces Managed Transforms, a dedicated section of Transform Rules offering one-click HTTP header modifications. This feature simplifies the process of modifying HTTP headers by identifying common use cases and packaging them into single click solutions. Managed Transforms can be used to improve operations, remove sensitive data, and increase security. Users can enable features like 'Add bot protection headers' or 'Add security headers' with just one click, enhancing their website's security score.
Jun 30, 2022
838 words in the original blog post.
The text discusses Linux Security Modules (LSM) and how they can be used to implement security policies in the Linux kernel. It introduces LSM BPF, a new way of implementing granular security policies without configuration or loading a kernel module. The author then presents a real-world problem involving unshare syscall and privilege escalation, and demonstrates how LSM BPF can be used to solve this issue by tracking down the appropriate hook candidate and writing an LSM BPF program. Finally, the text discusses the performance impact of the solution and proposes a patch for propagating error codes from the cred_prepare hook up the call stack.
Jun 29, 2022
1,957 words in the original blog post.
Microsoft announced the retirement of Internet Explorer on June 15, 2022, impacting over 70% of global desktop Windows market share. As the retirement date has passed, usage trends show a decline in Internet Explorer 11 traffic by approximately one-third between January and June 2022. Businesses are not rushing to replace Internet Explorer with Microsoft Edge, but its use is expected to drop more aggressively as Microsoft rolls out plans to redirect users to Microsoft Edge and ultimately disable Internet Explorer. Traffic from earlier versions of Internet Explorer has never fully disappeared, with some traffic being generated by bots presenting themselves as the browser. Usage patterns for Microsoft Edge show strong enterprise usage with weekday peaks and lower traffic on weekends.
Jun 29, 2022
1,755 words in the original blog post.
The Hertzbleed attack is a new type of side-channel attack that exploits changes in CPU frequency to compromise cryptographic software. It demonstrates that dynamic voltage and frequency scaling (DVFS), a power management scheme of modern x86 processors, depends on the data being processed. This vulnerability can lead to different CPU P-state distribution and execution time depending on the input data, potentially allowing an attacker to infer secret information from program's running time. Cryptographic algorithms that rely on constant-time execution are particularly vulnerable to this type of attack. The Supersingular Isogeny Key Encapsulation (SIKE) protocol is one example of a cryptographic algorithm that can be exploited by Hertzbleed. To mitigate the risk, developers should enforce strict validation of untrusted inputs and consider potential countermeasures against DVFS-based side-channel attacks.
Jun 28, 2022
3,615 words in the original blog post.
In June 2022, Cloudflare reported that it was the fastest provider in 1,290 of the top 3,000 most reported networks worldwide, up from 1,280 during Platform Week in May. The company uses Real User Measurements (RUM) to fetch a 100kB file from different providers and collects data from users around the world to compare its performance with other providers. Cloudflare is committed to being the fastest provider in every country, and it has improved network performance in more Eastern European countries during this period. The company's constant efforts to improve routing fixes, expand peering arrangements, and add new locations contribute to its high-performance services that customers expect.
Jun 27, 2022
554 words in the original blog post.
Cloudflare is opening up its new multi-tenant partner platform, allowing agencies and hosting partners to create accounts for all their customers under one dashboard. The company will deprecate its legacy APIs on November 1, 2022, in favor of the new Self Serve Partner program that offers discounted plans and consolidated billing. This move aims to reinforce Cloudflare's commitment to its hosting ecosystem and small business partners while providing a better internet experience for their customers.
Jun 27, 2022
1,026 words in the original blog post.
The Cloudflare documentation team uses "dogfooding" and data analysis to improve their documentation. They manage the settings of their docs website using Cloudflare products, which allows them to experience the user journey firsthand. Additionally, they analyze internal search data to identify gaps in their documentation and external search data to inform their content strategy. By combining qualitative and quantitative inputs, they treat their content as a product, leading to continuous improvement of their documentation.
Jun 27, 2022
937 words in the original blog post.
Cloudflare has introduced a new feature called "Browser Isolation with private network connectivity," which allows users to securely access private web services without installing any software or agents on an endpoint device. This solution is natively integrated into Cloudflare's Zero Trust platform, making it easy to control and monitor who can access what private services from a remote browser without sacrificing performance or security. Browser Isolation eliminates the need for virtual desktops by offering a better user experience and improved ROI while maintaining security benefits. The solution works by unifying Cloudflare Access and Cloudflare Tunnels, enabling users to connect to a remote browser without installing any software on their device and securely connecting private networks to remote browsers hosted on Cloudflare's network.
Jun 24, 2022
943 words in the original blog post.
During Cloudflare's One week event, playbooks were shared on how to replace legacy appliances with Zero Trust services using their own products. The company started by replacing its VPN with Cloudflare Access for better security and ease of use. Next, they deployed Gateway and Remote Browser Isolation to mitigate threats and prevent data exfiltration. They also implemented secure DNS in offices and extended it to remote workers through the Cloudflare WARP client. HTTP filtering was added for more precise URL blocking and tenant control. Browser Isolation was used to isolate endpoints from malicious attacks without compromising user experience. Area 1 email security was onboarded to prevent phishing attacks, leading to its acquisition by Cloudflare in April 2022. The company is now looking forward to upgrading their SaaS security with the new CASB product acquired from Vectrix in February 2022.
Jun 24, 2022
1,500 words in the original blog post.
This blog discusses the shift from Virtual Desktop Infrastructure (VDI) to remote browser isolation for securing internal web applications. VDI has been useful for remote work but its drawbacks, such as high costs and poor user experience, have become more apparent with the rise of web-based apps over desktop ones. Cloudflare offers practical recommendations and a phased approach to transition away from VDI, which can help organizations lower costs and improve employee experiences. The blog also highlights how modern virtual desktops are used today, the challenges associated with VDI, and how remote browser isolation can be an alternative solution for offloading VDI workloads. It provides practical recommendations for planning and executing a transition from VDI to Cloudflare Browser Isolation, including pre-implementation planning, migration phases, and progress towards Zero Trust security posture.
Jun 24, 2022
2,888 words in the original blog post.
Cloudflare uses Kubernetes extensively for engineering tasks such as API backend, batch processing, and CI/CD pipelines. However, the large surface area exposed by Kubernetes poses security risks. To address this issue, Cloudflare employs its Zero Trust solution to secure access to Kubernetes clusters while enabling kubectl without proxies. The company initially used VPNs for network access but switched to Cloudflare Tunnels and eventually moved on to using the private network routing feature of Cloudflare Zero Trust. This approach allows engineers to access the Kubernetes APIs securely without needing to set up cloudflared tunnels or configure kubectl and other Kubernetes ecosystem tools to use tunnels.
Jun 24, 2022
1,225 words in the original blog post.
Cloudflare Gateway, a comprehensive secure web gateway, is set to support HTTP/3 inspection. Currently, 25% of the internet uses HTTP/3 for faster browsing without compromising security. Administrators seeking to filter and inspect HTTP/3-enabled websites or APIs have had to compromise on performance or lose visibility by bypassing inspection. With HTTP/3 support in Cloudflare Gateway, administrators can have full visibility on all traffic while providing the fastest browsing experience for users. The adoption of HTTP/3 is driven by its ability to accelerate browsing activity using QUIC, a modern transport protocol that is always encrypted by default. This delivers faster performance by reducing round-trips between the user and the web server and is more performant for users with unreliable connections. Once support for HTTP/3 inspection becomes available later this year, administrators can enable it through the dashboard to apply security measures such as AV-scanning, remote browser isolation, DLP, and HTTP filtering to all proxied HTTP traffic.
Jun 24, 2022
725 words in the original blog post.
Cloudflare has released a comparison between its Zero Trust services and Zscaler's Zero Trust Exchange, claiming that its platform surpasses Zscaler in terms of functionality, simplicity, speed, and security. The comparison includes 37 functional criteria groups, with Cloudflare scoring higher in most categories. Additionally, the blog highlights three key areas where Cloudflare One outperforms Zscaler Zero Trust Exchange: seamless integration across all services, high-speed throughput for improved end-user experience, and better connectivity to the rest of the Internet.
Jun 24, 2022
1,492 words in the original blog post.
Cloudflare has announced a seamless integration between its Secure Web Gateway and API-driven Cloud Access Security Broker (CASB) to help IT administrators manage access to sanctioned or unsanctioned Software as a Service (SaaS) applications. The new CASB provides comprehensive visibility into SaaS applications, enabling prevention of data leaks and compliance violations. It also allows users to create Gateway policies from CASB security findings for remediation purposes. This integration is part of the Cloudflare One suite of solutions that work together as a unified platform to find and fix security issues across SaaS applications.
Jun 24, 2022
553 words in the original blog post.
Annika Garbers discusses enhancements to the Cloudflare One platform that make transitioning from legacy architecture to Zero Trust networks easier. The platform now supports any on- or off-ramp and is fully composable and interoperable, allowing customers to connect using hardware devices they've already deployed or existing technology standards like IPsec tunnels. Additionally, expanded support for additional configuration parameters, a new UI and Terraform provider support, and step-by-step guides for popular implementations have been introduced for managing Anycast IPsec tunnels. Furthermore, easier on-ramps from existing SD-WAN appliances are now available through integration guides for additional devices and tunnel mechanisms.
Jun 23, 2022
930 words in the original blog post.
Cloudflare offers dedicated source IPs for administrators transitioning from on-premise appliances to cloud-based security services like Cloudflare Gateway. Dedicated egress IPs provide a persistent identifier for traffic filtering and routing, allowing organizations to maintain the convenience of allowlist policies based on static source IPs while leveraging the benefits of Cloudflare's global network. These dedicated IPs are exclusive to assigned customers and can be used via various on-ramps such as Cloudflare's device client (WARP), proxy endpoints, GRE and IPsec on-ramps, or any of their 1600+ peering network locations. Upcoming functionality includes an egress IP policy builder in the Cloudflare Zero Trust dashboard, allowing administrators to specify which IP is used for egress traffic based on various attributes such as application, content category, domain, user group, destination IP, and more.
Jun 23, 2022
1,113 words in the original blog post.
The text discusses how Cloudflare transitioned from using traditional SSH access to internal database clusters via a bastion host, to utilizing Cloudflare Tunnels and Access for improved user experience and onboarding times related to database access. This change was prompted by the overhead and limitations of maintaining SSH configurations. The new solution involves deploying Cloudflare Tunnel on an internal Kubernetes cluster and implementing Cloudflare Access with identity-driven Zero Trust policies, ensuring only authorized users can connect to the databases. This approach also allows for better delineation of access between staging and production environments. The text concludes by highlighting the benefits of this solution, including enhanced security posture, improved user experience, and valuable feedback provided to the Access and Tunnel teams within Cloudflare.
Jun 23, 2022
924 words in the original blog post.
Today marks the launch of the Cloudflare One Partner Program, aimed at helping channel partners deliver Zero Trust solutions while monetizing them effectively. The program includes comprehensive offerings, enablement resources, and incentives for IT Service companies, Distributors, Value Added Resellers, Managed Service Providers, and other solution providers. This new initiative represents a significant investment by Cloudflare in the partner ecosystem to address the growing demand for Zero Trust architectures that help organizations safely and securely accelerate their digital transformations. The program offers new product suites, streamlined processes through Distributors, Partner Accreditations, and robust incentive structures.
Jun 23, 2022
1,887 words in the original blog post.
The article discusses "Early Hints," a product developed by Cloudflare that can significantly improve page load performance. Since its launch, over 100,000 customers have used Early Hints on the platform. The technology takes advantage of server think time to send instructions to the browser to begin loading readily-available resources while the server finishes compiling the full response. This results in a faster page load for end users. Google has recently announced that Early Hints is available in Chrome version 103 with support for preload and preconnect to start, which will mean many more requests will see the performance benefits. The article also provides insights into how much Early Hints improved performance of customers' websites and shares best practices and strategies for better performance.
Jun 23, 2022
2,676 words in the original blog post.
Cloudflare has announced a new integration with Microsoft Endpoint Manager (Intune), combining its expansive network and Zero Trust suite with Intune. This expanded integration allows joint customers to identify, investigate, and remediate threats faster by leveraging the latest information from Microsoft Graph API. The integration enables organizations to verify users' device posture before granting access to internal or external applications. With this integration, Cloudflare's customers can build Access and Gateway policies based on the device being managed by Endpoint Manager (Intune) with a compliance policy defined. This enhances security posture across all endpoints and their entire corporate network in today's work-from-anywhere business culture.
Jun 23, 2022
709 words in the original blog post.
Employees returning to the office are experiencing slower corporate networks compared to their home internet due to outdated line speeds and security requirements. Many MPLS sites still use old 1.5 Mbps circuits, highlighting the inability of current MPLS-based networks to support a shift from centralized applications to distributed SaaS and hybrid multi-cloud environments. Cloudflare Magic WAN simplifies legacy WAN architectures by enabling customers to use its global network for interconnectivity between branch offices, data centers, and public cloud services. It includes Zero Trust security services that can be enabled as needed, improve performance, and can be managed through a single dashboard. The ultimate goal for many organizations is to move their network and security architecture from a castle & moat model to a Zero Trust model where there's no longer a hard boundary between "private" and "public" networks. Cloudflare Magic WAN enables this transition by building in security natively into the network.
Jun 23, 2022
1,674 words in the original blog post.
Cloudflare has introduced a closed beta for its new Zero Trust network discovery tool called Private Network Discovery. This feature aims to simplify maintaining security in private networks by passively cataloging both the resources being accessed and the users who are accessing them without any additional configuration required. The tool is designed to help organizations gain complete visibility into their networks, discover applications, and apply Zero Trust security controls seamlessly. During the closed beta, users can create friendly names for their private network applications, with plans to enable direct creation of Access applications from the Private Network Discovery report in future general availability releases.
Jun 22, 2022
1,052 words in the original blog post.
The text discusses the growing need for Zero Trust Network Access (ZTNA) solutions like Cloudflare Access to replace traditional VPNs, which have inherent security vulnerabilities and poor user experience. It provides a step-by-step guide on how to transition from VPN to ZTNA using Cloudflare Access, including connecting internal apps, integrating identity and endpoint protection, configuring Zero Trust rules, testing clientless access, and moving towards full VPN replacement. The text also highlights the benefits of adopting ZTNA, such as improved security posture, faster onboarding for new employees, reduced IT support tickets, and enhanced user experience.
Jun 22, 2022
2,076 words in the original blog post.
Microsoft has awarded Cloudflare the Security Software Innovator award for its innovative approach to Zero Trust and Security solutions. The prestigious Microsoft Security Excellence Awards recognized Cloudflare's transformative technology in collaboration with Microsoft, providing world-class joint solutions for mutual customers. This includes support for thousands of customers, including many Fortune 500 companies, on their Zero Trust journey. Through deep integrations with Microsoft, Cloudflare has helped organizations take the next step in their security strategy while delivering a seamless user experience.
Jun 22, 2022
727 words in the original blog post.
Cloudflare has announced its support for Apple's Private Attestation Tokens (PAT) in its Cloudflare Access service. This feature allows security teams to verify a user's Apple device before they access sensitive applications, without the need to install any additional software or collect device data. PAT leverages the Privacy Pass Protocol and requires four parties to work together: an Origin, a Client, an Attester, and an Issuer. Cloudflare Access will support verifying if a user is accessing from a "healthy" Apple device before allowing access to sensitive corporate applications. The company plans to expand device support and verification attributes over time.
Jun 22, 2022
805 words in the original blog post.
Cloudflare has introduced External Evaluation rules for its Access policies, allowing users to build infinitely customizable policies by calling any API during the evaluation of an Access policy. This feature enables customers to check any signal they require without direct support in Access policies. The new capability is designed to provide more control and customizability in defining Zero Trust security policies. Examples of potential uses include integrating with endpoint protection tools, checking IP addresses against external threat feeds, and calling industry-specific user registries.
Jun 21, 2022
677 words in the original blog post.
Cloudflare has announced the private beta of its intrusion detection capabilities, which will provide live monitoring for threats across all network traffic. The new Intrusion Detection System (IDS) expands on existing security controls by actively monitoring for known threat signatures in traffic. This software-based solution is designed to eliminate capacity constraints and performance bottlenecks associated with traditional hardware-based IDS solutions, while also offering continuous threat intelligence updates from across Cloudflare's global network. The beta is available now for Advanced Magic Firewall customers.
Jun 21, 2022
1,030 words in the original blog post.
Cloudflare has announced the upcoming launch of Cloudflare One Observability, a feature designed to help customers troubleshoot network connectivity, security policies, and performance issues across Cloudflare One applications. This will ensure a consistent experience for employees working remotely or from different locations. The new tool aims to address the challenges posed by fragmented enterprise networks that have moved beyond traditional on-premise models. By consolidating data from various Cloudflare One functions into a single platform, customers can easily troubleshoot issues related to bandwidth usage, network vulnerabilities, and slow network performance. The development of Cloudflare One Observability is still ongoing, with interested parties able to sign up for the waitlist.
Jun 21, 2022
1,078 words in the original blog post.
On June 21, 2022, Cloudflare experienced an outage affecting traffic in 19 data centers due to a change made during a project aimed at increasing resilience in their busiest locations. The incident began at 06:27 UTC and was resolved by 07:42 UTC. This outage impacted approximately 50% of total HTTP requests handled globally, even though the affected data centers account for only 4% of Cloudflare's network. The company apologized for the inconvenience caused and is working on improving processes, architecture, and automation to prevent similar incidents in the future.
Jun 21, 2022
1,569 words in the original blog post.
Cloudflare introduces its new threat operations and research team, Cloudforce One, led by Blake Darché, Area 1's co-founder and former head of Threat Intelligence. The team's primary objective is to track and disrupt cyber threats targeting various industries. Cloudforce One will work closely with existing product, engineering, and security teams at Cloudflare to improve their products based on observed tactics, techniques, and procedures (TTPs). Additionally, a new Threat Intelligence subscription service will be offered for enterprise customers seeking one-on-one live briefings and early access to threat research.
Jun 21, 2022
537 words in the original blog post.
Cloudflare and Area 1 have combined their threat indicator data pipelines following the acquisition of Area 1 by Cloudflare. This integration allows customers to benefit from both teams' work across Cloudflare products, improving phishing detection and overall security. The new dataset sharing between Cloudflare and Area 1 enables organizations to better protect themselves against sophisticated threat actor activity and regain an advantage that has been heavily skewed towards the bad guys for years.
Jun 20, 2022
1,043 words in the original blog post.
Data Loss Prevention (DLP) is now a native part of the Cloudflare One platform. The development process involved extensive customer feedback from various industries and sizes. Many customers face challenges in understanding their data flow, especially with the rise of SaaS tools and cloud migration. DLP helps protect sensitive data based on its characteristics, such as keywords, patterns, or file types. It is integrated into Cloudflare One's Zero Trust network architecture to provide comprehensive protection for data across various identifiers like who accessed it, where it went, and how the destination was configured. The platform allows users to create custom rules catered to their organization's needs. A closed beta of the DLP product has been launched, with interested customers able to join the waitlist by filling out a form.
Jun 20, 2022
873 words in the original blog post.
Email security remains a significant concern for organizations despite the use of Secure Email Gateways (SEGs). The prevalence of cloud-native email services has rendered traditional SEGs redundant, as they fail to provide adequate protection against modern phishing attacks. These attacks are low volume, highly targeted, and exploit our trust in email communications. To effectively combat these threats, advanced email analysis and threat detection algorithms are required, which a SEG cannot perform at scale. Cloudflare Area 1 offers proactive scanning of the internet for attacker infrastructure and phishing campaigns under construction, providing comprehensive protection against modern phishing attacks.
Jun 20, 2022
1,996 words in the original blog post.
Cloudflare has integrated its Area 1 email security into the broader Cloudflare One platform, enabling Remote Browser Isolation (RBI) for email links. This provides an unmatched level of protection from modern multi-channel email-based attacks. The integration allows users to access websites without having to connect to a VPN or having strict firewall policies. It also helps reduce the likelihood and impact of human error in email communications, making it a fundamental part of any Zero Trust platform.
Jun 20, 2022
1,481 words in the original blog post.
Cloudflare has announced new integrations that enable customers to incorporate third-party threat intelligence data into its products, such as Gateway and Magic Firewall, alongside its existing threat intelligence features. The integration is currently available with partners Mandiant, Recorded Future, and VirusTotal, with plans to add more in the future. Customers of these threat intel providers can upload their API keys to the Cloudflare Security Center to create rules within Cloudflare One products and enrich search results from the threat investigations portal. This collaboration aims to provide customers with up-to-date and relevant intelligence integrated into their preferred technology solutions for comprehensive protection against cyber threats.
Jun 20, 2022
795 words in the original blog post.
This article discusses three key concepts in enterprise network architecture - Zero Trust, Secure Access Service Edge (SASE), and Security Service Edge (SSE). It explains that these frameworks aim to provide a more secure, faster, and reliable experience for end users, applications, and networks. The text delves into the specifics of each concept, highlighting their critical components and how they can be achieved using Cloudflare One, a comprehensive SASE platform. The article also outlines various security functions such as Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Remote Browser Isolation (RBI), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Firewall-as-a-service, Email security, and their integration with on-ramps and service edge. It concludes by emphasizing the importance of a geographically dispersed, interconnected, fast, high capacity network with traffic intelligence, threat intelligence, interoperability, orchestration, and visibility for achieving these goals.
Jun 19, 2022
3,160 words in the original blog post.
The article discusses the shift from traditional office-based work to remote work and its impact on corporate networks and security models. It highlights that while the way we work has changed, the corporate networks and security models have struggled to keep pace. The article emphasizes the need for a Zero Trust Architecture as the solution to these challenges but acknowledges that many organizations are hesitant due to concerns about how to implement it. The author introduces Cloudflare One Week, an initiative aimed at making Zero Trust more approachable and understandable. It also mentions the company's comprehensive guide to implementing Zero Trust, regardless of which vendor is used. The article concludes by stating that Cloudflare One offers one of the most feature-complete SASE solutions on the market with unmatched performance due to its global network infrastructure.
Jun 19, 2022
1,068 words in the original blog post.
The French national data protection authority, CNIL, has published guidelines for GDPR-compliant use of Google Analytics and similar marketing tools. In response to this, Cloudflare introduced new privacy features for its Zaraz service that help organizations protect end user privacy while using these tools. These features include removing URL query parameters, hiding originating IP addresses, clearing user agent strings, and removal of external referrers. The guide provided by Cloudflare outlines the steps to set up Google Analytics with these new privacy features.
Jun 15, 2022
1,513 words in the original blog post.
On June 14, 2022, a record-breaking HTTPS DDoS attack was detected and mitigated by Cloudflare's Free plan. The attack targeted a customer website with 26 million requests per second (rps), the largest on record. It originated from a small but powerful botnet of 5,067 devices, mostly virtual machines and servers, which generated an average of 5,200 rps at peak. This attack highlights the growing size and frequency of large-scale DDoS attacks, emphasizing the need for automated always-on protection services that do not rely on human intervention to detect and mitigate threats.
Jun 14, 2022
734 words in the original blog post.
Exam season in Syria, Sudan, and Algeria has led to widespread internet disruptions as these countries attempt to prevent cheating on national exams. Syria and Sudan have implemented nationwide multi-hour shutdowns during past years, while this year Algeria appears to be blocking specific websites and applications instead of a complete shutdown. The impact of these measures goes beyond students, imposing significant financial costs on businesses within the affected countries due to loss of internet access for multiple hours over several weeks.
Jun 14, 2022
942 words in the original blog post.
Cloudflare Japan is introducing new employee benefits to adapt to the evolving work culture and accommodate diverse needs of its workforce. These include "take what you need" time off for all employees, 16-week gender-neutral paid parental leave, and flexible working hours. The company recognizes the importance of personal time and believes that it helps employees perform better at work. Cloudflare Japan has been present in the country since 2010 and continues to expand its network while actively recruiting for various roles.
Jun 13, 2022
925 words in the original blog post.
On June 7, two major submarine cables, Africa-Asia-Europe-1 (AAE-1) and SEA-ME-WE-5 (SMW-5), suffered cable cuts in Egypt, impacting internet connectivity for millions of users across multiple countries in the Middle East, Africa, and Asia. Google Cloud Platform and OVHcloud also reported connectivity issues due to these cable cuts. The damage was repaired within a few hours, with traffic returning to normal levels. This incident highlights the importance of redundancy in submarine cable infrastructure and the potential impact of such events on internet users worldwide.
Jun 10, 2022
1,007 words in the original blog post.
Queen Elizabeth II's Platinum Jubilee celebrations had a noticeable impact on UK internet traffic, with less online activity during daytime when the festivities were being celebrated. The four-day bank holiday weekend saw lower traffic compared to recent weekends, particularly on Saturday and Sunday. Mobile device usage increased during this period as people spent more time outdoors participating in Jubilee events or watching them on television. Similar patterns of reduced internet traffic were observed in other Commonwealth countries such as Canada, Australia, and New Zealand during their respective celebrations for the Queen's milestone anniversary.
Jun 09, 2022
1,177 words in the original blog post.
On its eighth anniversary, Cloudflare is introducing a new portal for Project Galileo participants. The Social Impact Projects Portal aims to simplify the onboarding process and provide resources such as configuration tips, product explainers, and more. This initiative was inspired by the crisis in Ukraine, which led to a 177% increase in applications for the project. The portal will also support other Cloudflare Impact programs like Athenian Project, Cloudflare for Campaigns, and Project Pangea.
Jun 09, 2022
465 words in the original blog post.
Cloudflare has introduced Private Access Tokens (PATs), a new method to validate real users visiting websites without compromising privacy. PATs eliminate nearly 100% of CAPTCHAs for users on supported iOS or macOS devices, improving the mobile web experience and enhancing privacy. This technology is expected to be incorporated into more operating systems in the future. Cloudflare customers do not need to take any action to utilize PATs; they will automatically benefit from this new feature when visitors use compatible devices.
Jun 08, 2022
1,685 words in the original blog post.
The article discusses the eighth anniversary of Project Galileo, which provides protection to vulnerable groups from cyberattacks. It highlights an increase in DDoS attack activity against organizations in Ukraine after the start of the conflict and presents a deep dive into attack trends against participants in various fields such as human rights, journalism, and community-led non-profits. The article also mentions that applications to Project Galileo increased by 177% in March 2022 following the war in Ukraine. It further details the types of cyberattacks experienced by organizations under the project and provides insights into how researchers, civil society, and targeted organizations can better protect themselves.
Jun 08, 2022
1,186 words in the original blog post.
In 2014, Cloudflare launched Project Galileo to protect organizations working in vulnerable yet essential areas of human rights and democracy building from cyber attacks. Since then, the project has expanded its scope beyond DDoS protection to fostering collaboration with civil society for more tools and support. As of March 2022, applications to Project Galileo increased by 177% following the war in Ukraine. The anniversary celebrations included new case studies highlighting Galileo participants' work, a portal designed to ease onboarding for participants, and insights into attack patterns using data from Cloudflare Radar. Two new civil society partners, International Media Support and CyberPeace Institute, have joined the project, which now protects over 1,900 organizations in 111 countries.
Jun 07, 2022
1,430 words in the original blog post.
On June 6, 2022, a cluster of Internet standards were published that modernize the definition of HTTP, including updates to HTTP/1.1, HTTP/2, and the new HTTP/3. The Internet Engineering Task Force (IETF) has been working on these specifications for some time. Cloudflare's analysis shows that HTTP/2 still comprises the majority of request traffic, with HTTP/3 surpassing HTTP/1.1 in early July 2021 and roughly doubling in twelve months. Google Chrome accounts for approximately 80% of HTTP/3 requests seen by Cloudflare, followed by Microsoft Edge at around 10%, Mozilla Firefox just under 10%, and Apple Safari responsible for the balance. Major search engine indexing bots such as GoogleBot and BingBot still predominantly use older versions of HTTP, while social media platform bots like FacebookBot and TwitterBot have limited or no usage of HTTP/3.
Jun 06, 2022
1,753 words in the original blog post.
On June 2, 2022, Atlassian issued a Security Advisory concerning a remote code execution (RCE) vulnerability affecting Confluence Server and Data Center products. This post provides an analysis of the vulnerability. Upon learning about it, Cloudflare's internal teams promptly engaged to ensure all customers and infrastructure were protected. The WAF team started working on mitigation rules that were deployed for all customers, while the security team reviewed Confluence instances within Cloudflare. The RCE vulnerability allows full unauthenticated access, enabling attackers to take over the target application. Active exploits of this vulnerability involve command injections using specially crafted strings to load a malicious class file in memory, allowing attackers to subsequently plant a webshell on the target machine that they can interact with. Since the mitigation rules were put in place, there has been a significant increase in activity related to exploitation attempts. The decline in WAF rule matches is due to improved rules being released, which greatly reduced false positives. A valid malicious URL targeting a vulnerable Confluence application was identified, and other example URLs are provided. Some of the observed activity indicates malware campaigns and botnet behavior. Cloudflare's response to CVE-2022-26134 involved gathering information about the attack, engaging the WAF team to develop mitigation rules, searching logs for signs of compromise, deploying new rules to protect customers, scrutinizing Confluence servers for signs of compromise and malicious implants, and enabling monitoring systems to detect any new exploitation attempts. For those using Confluence on-premises, it is recommended to patch to the latest fixed versions, add Cloudflare Access as an extra protection layer, enable a WAF with protection for CVE-2022-26134 in front of Confluence instances, check logs for signs of exploitation attempts, and use forensic tools to search for post-exploitation tools such as webshells or other malicious implants. Indicators of compromise and attack are provided for reference.
Jun 05, 2022
1,132 words in the original blog post.
On June 2, 2022, Atlassian issued a security advisory for their Confluence Server and Data Center applications, warning of a critical severity unauthenticated remote code execution vulnerability (CVE-2022-26134). The flaw affects all versions of Confluence Server and Data Center versions greater than 1.3.0. Atlassian has released a patch, urging customers to update immediately. Cloudflare's WAF and Access features already protect their customers from this vulnerability. On June 2, 2022, at 23:38 UTC, Cloudflare deployed an emergency release with a mitigation rule for the vulnerability. This rule automatically protected all websites using Cloudflare WAF, including free customers. Access users were also protected from external exploitation attempts before the emergency release.
Jun 03, 2022
328 words in the original blog post.