Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The cloud has introduced entirely new environments, roles and circumstances that require us to reimagine the definition of privileged access management (PAM) and how to apply those principles to secure identities. PAM was built on the notion that identities must be secured, not just managed, to protect an organization’s most valuable assets. The well-recognized values of PAM remain highly desirable – least privilege, role-based access control and auditability of high-risk sessions.

Healthcare and technology have always gone hand in hand. Telemedicine, which lets you talk to doctors without visiting them in person, is a great example. A few years back, it might have sounded like science fiction. But today, it's a regular part of many people's lives. In fact, data shows that 80% of people have used telemedical services at least once in their lives.

With the new iPhone 15 release, scammers are taking advantage by impersonating mobile carriers or Apple support, claiming their target is eligible for a free or discounted iPhone upgrade. The scammer’s goal is to get their target to provide personal and financial information which is then used to attempt identity theft or make unauthorized charges. Read on to learn what signs to look out for and what to do if you fall victim to this iPhone 15 scam.

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The Top Ten is a significant daughter list of the OWASP Top Ten, which is one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

Modern cloud applications are made up of thousands of distributed services and resources that support an equally large volume of concurrent requests. This level of scale makes it more challenging for engineers to identify system failures before they lead to costly outages. System failures are often difficult to predict in cloud environments, and security threats add another layer of complexity.

Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks.

Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It was not long however, before they started to reach record breaking sizes — and eventually peaked just above 201 million requests per second. This was nearly 3x bigger than our previous biggest attack on record.

Today we’re thrilled to announce the launch of Vanta AI, a new suite of tools that brings the power of AI and LLMs to the Vanta platform to help you accelerate compliance, efficiently assess vendor risk, and automate security questionnaires. ‍ AI is transforming the way work gets done, especially when it comes to reducing repetitive tasks.