Lucene search
K

12 matches found

Imperva Blog
Imperva Blog
added 2024/05/30 4:40 p.m.37 views

Mitigate Http/2 continuations with Imperva WAF

As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/01/20 6:16 p.m.52 views

ManageEngine Vulnerability CVE-2022-47966

Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache...

1.9AI score0.99753EPSS
Exploits15
Imperva Blog
Imperva Blog
added 2021/03/30 4:31 p.m.38 views

A Few Hours After the Publication: Dozens of Scanning Attempts for Vulnerable PHP Servers

On March 28th the official PHP Git repository was compromised in order to open a backdoor into many web servers. The attackers were able to gain access to the PHP official main Git server, uploading two malicious commits, including a backdoor. The malicious commits were discovered a few hours...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/03/22 7:45 p.m.260 views

Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability

On March 10th F5 published a security advisory containing twenty one CVEs, the most critical one CVE-2021-22986 can be exploited for unauthenticated remote code execution attacks. In the past week, several security researchers have reverse engineered the Java software patch published by BIG-IP an...

10CVSS0.5AI score0.99898EPSS
Exploits20
Imperva Blog
Imperva Blog
added 2021/01/05 4:48 p.m.44 views

2020 Ends With A Bang

December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/10/12 7:57 p.m.47 views

Imperva’s Mobile Security App

How many apps do you currently have on your mobile device? Is this number a total across both your personal and professional devices? Did you know that between Android’s Google Play Store and Apple’s App Store, there are between 2.2 and 2.8 million apps available to download? Did you know that,...

0.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/07/06 3:1 p.m.1539 views

Australian Cyber Attack Vectors Blocked Out of the Box by Imperva WAF

On June 18, 2020, the Australian Cyber Security Centre ACSC released a disclosure detailing a ‘sophisticated’ and sustained attack against Australian government bodies and companies. The disclosure was covered by several mainstream media outlets including the BBC, and the Guardian. The following...

7.5CVSS1.2AI score0.99999EPSS
Exploits67
Imperva Blog
Imperva Blog
added 2020/03/01 12:21 p.m.59 views

Remote File Inclusion (RFI) – Detecting the Undetectable

Intro Remote File Inclusion RFI is an attack exploiting the functionality in web applications which allows the inclusion of external source code without validating its content or origin. An RFI payload is a link that points to a malicious file that an application will include in its code example:...

9.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/06/13 6:38 p.m.288 views

SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)

We’re living in the Golden Age of data. Some companies analyze it to better themselves, others trade it for profit, none give it up freely due to its value — for their business, and for criminals, as well. SQL Structured Query Language is an extremely popular way to communicate with databases...

7.5CVSS0.99826EPSS
Exploits27
Imperva Blog
Imperva Blog
added 2018/08/28 4:46 p.m.63 views

Explainer Series: What is Clickjacking?

Here we go, another online trap ready to ensnare unsuspecting – well, until now anyway – users. As if Phishing, Cryptojacking, credential stuffing and old school scamming wasn’t enough, folks really just can’t catch a break these days. Anyway, we’re here to chat about clickjacking, for those of y...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/08/23 2:25 p.m.1094 views

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

On August 22, Apache Struts released a security patch fixing a critical remote code execution vulnerability. This vulnerability has been assigned CVE-2018-11776 S2-057 and affects Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. The vulnerability was responsibly disclosed by Man Yue Mo fro...

2.5AI score0.99993EPSS
Exploits41
Imperva Blog
Imperva Blog
added 2017/08/10 3:31 p.m.55 views

A Leader for Four Consecutive Years in the Gartner Magic Quadrant for WAFs

Gartner has published their 2017 Magic Quadrant for Web Application Firewalls WAF and Imperva has again been named a WAF leader—now for four consecutive years. Attacks remain same, but infrastructure is changing According to 2017 Verizon Data Breach Investigations Report, web app attacks remain t...

7AI score
Exploits0
Rows per page
Query Builder