Cloudflare WAF protects against web-based attacks and malicious traffic using customizable rule sets. Cloudflare’s network extends across numerous data centers worldwide, ensuring efficient content delivery and robust DDoS protection. Moreover, Cloudflare provides supplementary functionalities such as CDN caching, SSL/TLS encryption, and DNS management to enhance overall web performance and security.

Quantum computers pose a serious threat to security and privacy of the Internet: encrypted communication intercepted today can be decrypted in the future by a sufficiently advanced quantum computer. To counter this store-now/decrypt-later threat, cryptographers have been hard at work over the last decades proposing and vetting post-quantum cryptography (PQC), cryptography that’s designed to withstand attacks of quantum computers.

We are now announcing the ability for Cloudflare customers to scan old messages within their Office 365 Inboxes for threats. This Retro Scan will let you look back seven days and see what threats your current email security tool has missed.

We are constantly researching ways to improve our products. For the Web Application Firewall (WAF), the goal is simple: keep customer web applications safe by building the best solution available on the market. In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher. If you are interested in learning about our secret sauce, read on.

Today we are excited to announce a contribution to improving privacy for everyone on the Internet. Encrypted Client Hello, a new proposed standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans. Encrypted Client Hello (ECH) is a successor to ESNI and masks the Server Name Indication (SNI) that is used to negotiate a TLS handshake.

Over the last twelve months, we have been talking about the new baseline of encryption on the Internet: post-quantum cryptography. During Birthday Week last year we announced that our beta of Kyber was available for testing, and that Cloudflare Tunnel could be enabled with post-quantum cryptography. Earlier this year, we made our stance clear that this foundational technology should be available to everyone for free, forever.

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you wish that email clients didn't support HTML at all, and that every message had to be in plaintext email.

Many data breaches start with a compromised account from one of a company’s employees. Jérôme Berloty and Benjamin Netter decided to build a product based on that fact and launched Riot in 2020. ‍ Based in Paris, France, Riot combines learning modules and phishing simulations to raise cyber awareness and solve compliance needs. The courses are chat-based, five minutes long, and immersive and interactive, making learning more entertaining. ‍

Over the past five years, digital supply chains have evolved significantly, spurred by post-pandemic corrections, technological advancements, and globalization. This evolution has made the average organization more efficient and better suited to handle the demands of their unique operation. However, these same supply chain advancements have also introduced a host of new cybersecurity concerns and dramatically expanded the attack surface of most organizations.

FIPS 140-2 is a federal information processing standard that manages security requirements for cryptographic modules. The National Institute of Standards and Technology (NIST) published the security standard in November 2001 to develop coordinated requirements for hardware computer components. NIST replaced FIPS 140-2 with FIPS 140-3 in March 2019. This iteration introduced new critical security parameters for software and firmware and updated the four critical security levels that FIPS 140-2 introduced.