Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Modern cloud applications are made up of thousands of distributed services and resources that support an equally large volume of concurrent requests. This level of scale makes it more challenging for engineers to identify system failures before they lead to costly outages. System failures are often difficult to predict in cloud environments, and security threats add another layer of complexity.

Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks.

Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It was not long however, before they started to reach record breaking sizes — and eventually peaked just above 201 million requests per second. This was nearly 3x bigger than our previous biggest attack on record.

Today we’re thrilled to announce the launch of Vanta AI, a new suite of tools that brings the power of AI and LLMs to the Vanta platform to help you accelerate compliance, efficiently assess vendor risk, and automate security questionnaires. ‍ AI is transforming the way work gets done, especially when it comes to reducing repetitive tasks.

Today we announced Vanta AI, our suite of AI-powered tools to accelerate and simplify security and compliance workflows. With Vanta AI, tasks that were previously impossible to automate can now be performed reliably in minutes, enabling security and compliance teams to prove trust and manage risk more efficiently and confidently than ever before. ‍ From the start, Vanta has been on a mission to secure the internet and protect consumer data.

When was the last time you received a phishing attempt through text? I’m guessing it was earlier this week, if not at some point today. Being part of the cybersecurity community keeps us watchful and aware of the ways scammers try to steal our information. But how adept are our parents at spotting these scams? The dangers of online scams and mobile phishing are real and everywhere. Yet, many of our parents and grandparents are navigating this new form of deception without much understanding.

Composing song lyrics, writing code, securing networks — sometimes it seems like AI can do it all. And with the rise of LLM-based engines like ChatGPT and Google Bard, what once seemed like science fiction is now accessible to anyone with an internet connection. These AI advancements are top-of-mind for most businesses and bring up a lot of questions.

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).