Tech Giants Reveal Record-Breaking “Rapid Reset” DDoS Bug


According to many tech infrastructure firms, threat actors have been abusing a zero-day vulnerability in the HTTP/2 protocol since August to mount the largest DDoS attacks ever seen. Google, Cloudflare, and Amazon Web Services (AWS) issued advisories yesterday identifying CVE-2023-44487 as the root cause of the “Rapid Reset” attacks.

According to Google, the bug allowed hostile actors to execute a series of DDoS attacks that peaked at 398 million requests per second (rps). It went on to say that the previous record was 46 million rps. Cloudflare claimed that it had mitigated over a thousand such 10 million rps attacks, including 184 that exceeded the previous record of 71 million rps.

