MORE POSTS
February 29, 2024 2:00 PM
Remediating new DNSSEC resource exhaustion vulnerabilities
Cloudflare recently fixed two critical DNSSEC vulnerabilities: CVE-2023-50387 and CVE-2023-50868. Both of these vulnerabilities can exhaust computational resources of validating DNS resolvers. These vulnerabilities do not affect our Authoritative DNS or DNS firewall products...
January 23, 2024 2:00 PM
How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability
The issuance of Emergency Rules by Cloudflare on January 17, 2024, helped give customers a big advantage in dealing with these threats...
October 14, 2023 12:00 AM
Malicious “RedAlert - Rocket Alerts” application targets Israeli phone calls, SMS, and user information
On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team became aware of a malicious Google Android application impersonating the real-time rocket alert app, Red Alert, which provides real-time rocket alerts for Israeli citizens...
October 10, 2023 12:02 PM
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected...
October 10, 2023 12:02 PM
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
October 05, 2023 3:00 PM
Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
Recently, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome." Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended wel...
August 04, 2023 6:29 PM
Unmasking the top exploited vulnerabilities of 2022
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
July 25, 2023 12:47 AM
How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data process...
July 10, 2023 1:00 PM
How Cloudflare Images addressed the aCropalypse vulnerability
Customers using Cloudflare Images or Image Resizing products are protected against the aCropalypse vulnerability. ...
April 25, 2023 1:07 PM
SLP: a new DDoS amplification vector in the wild
Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...