Recent Security News

  • October 10, 2023 at 10:13AM – New ‘HTTP/2 Rapid Reset’ zero-day attack breaks DDoS records

    October 10, 2023 at 10:13AM A new DDoS technique named ‘HTTP/2 Rapid Reset’ has been actively exploited as a zero-day since August, breaking all previous records in magnitude. Amazon Web Services, Cloudflare, and Google report mitigating attacks reaching 155 million requests per second (Amazon) and 201 million rps (Cloudflare). Cloudflare has detected over a thousand…

    Read More

  • October 10, 2023 at 10:13AM – A Primer on Cyber Risk Acceptance and What it Means to Your Business

    October 10, 2023 at 10:13AM This article discusses the concept of risk acceptance in cybersecurity and provides guidelines for making informed decisions about accepting risks. It defines risk acceptance and outlines different levels of risk acceptance, such as accepting the risk forever, accepting temporarily, transferring the risk, and eliminating the risk. The article also emphasizes…

    Read More

  • October 10, 2023 at 10:06AM – Old-School Attacks Are Still a Danger, Despite Newer Techniques

    October 10, 2023 at 10:06AM Many cybercriminals still rely on non-sophisticated attacks because they are effective. These include phishing attacks and credential harvesting, often obtained through social engineering. Automation and AI are increasingly being used by bad actors to conduct attacks more efficiently. To defend against these attacks, organizations need to bolster human defenses through…

    Read More

  • October 10, 2023 at 09:54AM – SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta

    October 10, 2023 at 09:54AM SecurityWeek will host the 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23-26, 2023, in Atlanta. The event, now in its 22nd year, focuses on cybersecurity for industrial control systems and operational technology. The conference will feature over 75 sessions, including technical and strategy sessions, and will address various…

    Read More

  • October 10, 2023 at 09:54AM – ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

    October 10, 2023 at 09:54AM A new zero-day vulnerability called ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch massive distributed denial-of-service (DDoS) attacks. Cloudflare, Google, and AWS have all experienced record-breaking attacks, with the largest reaching 398 million requests per second. The attacks leverage a feature in the HTTP/2 protocol and have…

    Read More