Picture this: A crowd of people suddenly, without warning, enter a tiny shop, with room for only a handful of customers. All these extra people make it impossible for customers to get in or get out. Those extra people do not intend to shop — instead they want to disrupt the regular business operations. All this traffic jam-packs the shop, preventing it from carrying out normal business operations.

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently disclosed by researchers and vendors. It was exploited in the wild from August 2023 to October 2023. The issue arises from the HTTP/2 protocol's ability to cancel streams using an RST_STREAM frame, which can be misused to overload servers by initiating and quickly canceling numerous streams, circumventing the server's concurrent stream limit.

As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. According to U.K. cyber insurer Hiscox’s Cyber Readiness Report 2023, attacks are on the rise: With these increases, how prepared are organizations? According to Hiscox, organizations are spending money on the problem; the median cybersecurity spend is a little over $1.39 million (with enterprises spending $4.9 million).

Even though there are new attack types for cybercriminals, they are still leveraging old-school attack vectors. Why? Because they still work. I cover new attack methods all the time, with recent examples including a sophisticated phishing campaign impersonating Microsoft and an attack last month targeting the Ukrainian military.

Following our announcement of Splunk Attack Analyzer in July 2023, we are excited to announce the launch of the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer. These offerings help us bolster our unified security operations experience by bringing threat analysis results from Splunk Attack Analyzer into the Splunk platform. The challenges with hiring top talent to staff a modern Security Operations Center (SOC) are ubiquitous.

What Are Microsoft 365 LinkedIn Smart Links? LinkedIn Smart Links are a relatively new feature introduced by LinkedIn to simplify the way users share content, profiles, and documents within the platform. Smart Links allow you to share specific pieces of content, making it easier for connections to access information you deem relevant. Smart Links are dynamic, which means they change each time someone accesses the link.

Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It was not long however, before they started to reach record breaking sizes — and eventually peaked just above 201 million requests per second. This was nearly 3x bigger than our previous biggest attack on record.

Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks.

According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations.