45 matches found
Discover First, Defend Fully: The Essential First Step on Your API Security Journey
APIs power today’s digital economy, but their lightning-fast evolution and astronomical call volumes can leave security teams scrambling to keep up. How can you secure what you can’t yet see or quantify? Imperva’s Unlimited Discovery-Only capability for the Cloud WAF CWAF add-On delivers...
CVE-2024-56524
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request...
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
Risk Management Strategies: Incorporating Cloud WAFs into Your Plan
In today’s digital world, protecting your online assets is more critical than ever. As cyber threats grow increasingly…...
Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF
In todays rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code IaC has emerged as a game-changer, enabling organizations to automate the provisioning and...
Mitigate Http/2 continuations with Imperva WAF
As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its...
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication SNI-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post wil...
Imperva defends customers against CVE-2024-22024 in Ivanti products
Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its announcement on February 8,...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery SSRF by bypassing the program’s authentication. This...
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this...
Atlassian CVE-2023-22515 Blocked by Imperva
Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator...
Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487
Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confir...
Elevate Your Cybersecurity with Imperva Cloud WAF: More Than Just a Checkbox
In the world of digital modernization, having a web application firewall WAF isnt an option - its a necessity. But in the endless sea of security solutions, how do you choose the right one? How do you ensure that youre not merely checking a box, but genuinely fortifying your digital fortress? Whi...
CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva
On July 20, CISA warned about the exploitation of an unauthenticated remote code execution vulnerability affecting NetScaler formerly Citrix Application Delivery Controller and NetScaler Gateway. Attackers first exploited this vulnerability in June, when unidentified hackers used this as a zero-d...
CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information
MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting...
Imperva is on Top of the World as it Announces New PoP in Bogotá
Imperva is on top of the world to announce the opening of our newest and highest data center yet in Bogotá, Colombia. This latest move represents our commitment as an organization to improve performance, security and connectivity for our customers in the Colombian market. In the very center of th...
5 Things We’ve Learned About CVE-2021-44228
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attac...
Unauthorized Access Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform (CNVD-2021-47700)
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
Logic Flaw Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
API Security Checks in the Post-Pandemic World
The digital transformation journeys of many enterprises have been accelerated by the COVID-19 pandemic. For 2020, IT resources shifted to support WFH policies with mobile and remote productivity solutions, while simultaneously managing multiple datacenter migration projects to the cloud for scale...