Impervablog | Most viewed

1025 matches found

Imperva Blog
added 2021/04/06 12:8 p.m. | 179 views

Imperva’s Comprehensive Data Security Platform for Cloud, Explained

Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever they’re hosted, including managed database services...

AI score: 0.8 | Exploits: 0

Imperva Blog
added 2021/07/05 11:23 a.m. | 176 views

Security Auditing for MongoDB on Atlas

MongoDB is a document-oriented NoSQL database that provides high performance, high availability, and easy scalability. To many, it is the leader in the NoSQL space. MongoDB Atlas was launched in June of 2016 and provides MongoDB as a database-as-a-service (DBaaS). Atlas provides all of the features...

AI score: 7.6 | Exploits: 0

Imperva Blog
added 2023/10/11 10:46 p.m. | 175 views

Recent Vulnerabilities in Popular Applications Blocked by Imperva

Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution,...

CVSS: 7.5 | AI score: 10.6 | EPSS: 0.99979 | Exploits: 95

Imperva Blog
added 2021/07/07 5:58 p.m. | 175 views

Oracle Auditing Part 1: Standard Auditing

This is the first of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series...

AI score: 0.5 | Exploits: 0

Imperva Blog
added 2021/07/07 11:9 a.m. | 174 views

Oracle Auditing Part 2: Mandatory and Fine-Grained Auditing

This is the second of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series an...

AI score: 7.4 | Exploits: 0

Imperva Blog
added 2019/03/14 5:45 p.m. | 173 views

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...

Exploits: 0

Imperva Blog
added 2023/10/13 8:8 p.m. | 172 views

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover). Imperva DSF is purpose-built for data...

AI score: 6.6 | Exploits: 0

Imperva Blog
added 2021/03/18 4:7 p.m. | 168 views

Web Application Firewalls Instrumental in Digital-First Banking

Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital channels, whether online or mobile, a digital-fir...

AI score: 0.4 | Exploits: 0

Imperva Blog
added 2022/06/04 10:5 p.m. | 167 views

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than 1.3.0. The advisory details a critical severity unauthenticated remote code execution...

CVSS: 7.5 | AI score: 2.3 | EPSS: 0.99999 | Exploits: 75

Imperva Blog
added 2021/03/15 3:25 p.m. | 166 views

A Tip For Easy SQL-based Big Data Analysis: Use a Temporary Dataset

Every once in a while we’re required to analyze big data on a wide time range. Here’s a common example: “Can you analyze what happened during 2020? And don’t forget to compare it to 2019”. Questions like this are hard to answer in the big data world: Queries may take a long time to process - and...

AI score: 7.5 | Exploits: 0

Imperva Blog
added 2021/02/22 7:42 p.m. | 163 views

Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020

Imperva’s report, The State of Vulnerabilities in 2020 has revealed that unlike in previous years, researchers observed a fall in the number of vulnerabilities last year, even as businesses were compelled to accelerate digital transformation processes due to the COVID-19 pandemic. Vulnerabilities...

CVSS: 10 | AI score: 0.6 | EPSS: 0.99999 | Exploits: 84

Imperva Blog
added 2020/07/21 11:24 a.m. | 163 views

Imperva Shields Against Windows DNS Server RCE Vulnerability (CVE-2020-1350)

Recently, Check Point researchers found a 17-year-old high-profile flaw, SIGRed (CVE-2020-1350). The flaw is a wormable, critical vulnerability in the Windows DNS server, and can be triggered by a malicious DNS response. On a zero to 10 scale, this vulnerability has received a CVSS base score of 10...

CVSS: 10 | AI score: 9 | EPSS: 0.92178 | Exploits: 21

Imperva Blog
added 2021/07/04 6:45 a.m. | 161 views

Compliance When Migrating to the Cloud: SQL Server Running on Azure vs. On-Premise

In the age of the data era, where data storage is increasing at an exponential rate and access to information is getting easier and faster, data security is a major concern. There are many cases where we can’t prevent people from accessing data, but we can track and investigate suspicious...

AI score: 7.3 | Exploits: 0

Imperva Blog
added 2021/04/20 12:38 p.m. | 157 views

5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise

Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplie...

AI score: 0.2 | Exploits: 0

Imperva Blog
added 2022/01/13 3:23 p.m. | 156 views

Analytics Are Essential for Effective Database Security

We have all heard the saying, “early detection is critical.” This is true in most aspects of our daily lives; in everything from medical diagnosis, automobile issues, a leaky roof, credit card fraud, etc. It should come as no surprise that this is especially true in the context of data security...

CVSS: 9.3 | AI score: 0.3 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2021/03/12 2:17 p.m. | 154 views

Anatomy of a Security Super Bowl Dynasty, Part 3: Special Teams and Coaching

Imperva Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled, Creating a Security Super Bowl Dynasty. In this presentation, they illustrated the ways American football teams create consistent, sustainable...

AI score: 0.2 | Exploits: 0

Imperva Blog
added 2021/04/27 1:8 p.m. | 152 views

5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries

In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In th...

AI score: 0.5 | Exploits: 0

Imperva Blog
added 2017/08/15 3:30 p.m. | 151 views

How to Protect AWS API Gateway with SecureSphere WAF

Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...

AI score: 6.9 | Exploits: 0

Imperva Blog
added 2019/01/24 8:21 p.m. | 149 views

Seven Must-Dos to Secure MySQL 8.0

Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...

AI score: 0.3 | Exploits: 0

Imperva Blog
added 2021/07/03 8:18 p.m. | 145 views

Why You’re Not Making the Leap from Compliance to a Database Security Strategy

Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too...

AI score: 6.7 | Exploits: 0

Imperva Blog
added 2019/09/26 1:43 p.m. | 143 views

Attackers Are Quick to Exploit vBulletin’s Latest 0-day Remote Code Execution Vulnerability

Imperva’s Cloud WAF has identified instances of a new 0-day vulnerability being exploited within a matter of hours of the exploit being published. On Monday 23rd September 2019, an exploit was published for a vulnerability found within vBulletin versions 5.0.0 to 5.5.4, allowing malicious attacke...

CVSS: 7.5 | AI score: 1 | EPSS: 0.99728 | Exploits: 27

Imperva Blog
added 2019/03/04 9:0 p.m. | 138 views

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers. You can interact with Docker via the terminal and also via remote API. The...

CVSS: 9.3 | AI score: 0.1 | EPSS: 0.9857 | Exploits: 33

Imperva Blog
added 2021/12/30 1:26 p.m. | 137 views

2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year

Today, everyone is talking about CVE-2021-44228, and with good reason. But before that, here were five of the issues that dominated virtual “water cooler talk” in 2021: 5. Data security in the cloud Champion heavyweight boxer Mike Tyson said, “Everyone has a plan until they get punched in the...

CVSS: 9.3 | AI score: 0.3 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2020/05/27 9:22 a.m. | 137 views

Python and Go Top the Chart of 2019’s Most Popular Hacking Tools

Imperva Cloud WAF protects over a hundred thousand websites globally and observes around a billion attacks daily. We detect thousands of hacking tools on a daily basis and employ various measures to stop malicious requests. Here are the most dangerous tools and attacks we discover while...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.99999 | Exploits: 24

Imperva Blog
added 2021/12/28 2:8 p.m. | 136 views

2021 in Review, Part 1: 5 Cybersecurity Topics that Made News

It’s been another chaotic year in cybersecurity, as protecting web applications and stopping sensitive data breaches remain top-of-mind issues and continue to generate headline news. As 2021 comes to a close, cybersecurity and all the industries it serves is dealing with an unprecedented zero-day...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2021/07/03 8:58 p.m. | 136 views

Azure SQL Database Security: 9 Features You Should Know

Databases are where organizations hold their “crown jewels” – their data. If you’re running or looking to run SQL on Azure, Azure provides security for the physical, logical, and data layers of services. Basic Azure SQL database security can be enabled using a variety of native security features...

AI score: 7.8 | Exploits: 0

Imperva Blog
added 2021/01/29 2:43 p.m. | 134 views

2021 KuppingerCole Leadership Compass names Imperva an overall leader for Database and Big Data Security

It is my pleasure to report that in their 2021 overview of the market for Database and Big Data Security solutions, leading technology analyst KuppingerCole has identified Imperva as an Overall Leader for the first time. Imperva scored five out of five for product security, functionality,...

AI score: 0.3 | Exploits: 0

Imperva Blog
added 2023/07/10 3:50 p.m. | 133 views

New MOVEit vulnerability CVE-2023-36934 blocked by Imperva

On July 5, Progress Software released a security advisory for a new critical vulnerability in the MOVEit Transfer software, CVE-2023-36934. With a critical score of 9.1, this bug is a SQL injection vulnerability in the MOVEit Transfer web application with the potential to allow unauthorized acces...

CVSS: 7.5 | AI score: 10 | EPSS: 0.99934 | Exploits: 15

Imperva Blog
added 2019/06/19 11:59 p.m. | 132 views

UK’s Largest Mobile Carrier Relies on AWS and Imperva FlexProtect for Web Delivery and 360-Degree Application Protection

In today’s highly-competitive telecommunications market, the website is integral to successful and fast customer service. Downtime due to intrusion, data breach, or DDoS attack is intolerable. It’s why ten of the largest global telecommunications providers have chosen Imperva, including BT mobile...

AI score: 0.7 | Exploits: 0

Imperva Blog
added 2019/03/11 7:25 p.m. | 130 views

How to Deploy a Graylog SIEM Server in AWS and Integrate with Imperva Cloud WAF

Security Information and Event Management (SIEM) products provide real-time analysis of security alerts generated by security solutions such as Imperva Cloud Web Application Firewall (WAF). Many organizations implement a SIEM solution to bring visibility of all security events from various solutions...

AI score: 7.4 | Exploits: 0

Imperva Blog
added 2023/12/19 12:34 p.m. | 129 views

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, open-source framework that is used in the creation of...

CVSS: 10 | AI score: 8.4 | EPSS: 0.99999 | Exploits: 59

Imperva Blog
added 2021/12/14 10:55 p.m. | 124 views

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability. In the spirit ...

CVSS: 9.3 | AI score: 1.3 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2021/01/12 1:47 p.m. | 124 views

Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration

Introduction: Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...

AI score: 0.5 | Exploits: 0

Imperva Blog
added 2019/10/10 3:0 p.m. | 123 views

Imperva Security Update

Hi everyone, Please find below a detailed update on the security incident from Kunal Anand, our Chief Technology Officer. From the moment we discovered this incident, we established and have held ourselves to the following key principles: To do the right thing for all of our constituents, To be...

AI score: 7.4 | Exploits: 0

Imperva Blog
added 2023/10/10 12:24 p.m. | 122 views

Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487

Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confir...

CVSS: 5 | AI score: 8.4 | EPSS: 0.99999 | Exploits: 19

Imperva Blog
added 2022/10/18 6:30 p.m. | 122 views

Apache Commons Text vulnerability CVE-2022-42889

Updated Oct. 19, 2022. CVE-2022-42889 was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution (RCE) in Apache Commons Text. It affects version numbers 1.5-1.9, and an upgrade to Apache Commons Text 1.10.0 disables the problem by default...

AI score: 1.4 | EPSS: 0.99931 | Exploits: 41

Imperva Blog
added 2019/02/22 7:54 p.m. | 121 views

Imperva Makes Major Expansion in Application Security

When Imperva announced in 2018 it would acquire the application security solution provider Prevoty, a company I co-founded with Julien Bellanger, I knew it would be a win-win for our industry. Prevoty’s flagship product, Autonomous Application Protection, is the most mature, market-tested runtime...

AI score: 0.4 | Exploits: 0

Imperva Blog
added 2021/12/11 2:31 a.m. | 120 views

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent...

CVSS: 9.3 | AI score: 1.3 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2020/07/09 8:0 a.m. | 120 views

Introducing Imperva Cloud Data Security

We are excited to announce that our latest data security innovation is now available worldwide! Made for the cloud, Imperva Cloud Data Security (CDS) builds on our industry-leading application and data security solutions, providing an industry-first, complete cloud data SaaS security solution that...

AI score: 0.1 | Exploits: 0

Imperva Blog
added 2018/03/12 6:30 p.m. | 117 views

RDaaS Security: How to Apply Database Audit and Monitoring Controls

As you move databases to cloud database platforms, data security and compliance requirements move along with it. This article explains how you can apply database audit and monitoring controls when migrating your database to cloud services, including the following: Introduction to RDaaS Benefits o...

AI score: 7.1 | Exploits: 0

Imperva Blog
added 2022/01/04 10:44 a.m. | 113 views

2021 in Review, Part 4: 5 Cybersecurity Topics to Watch in 2022

One of the core principles of cybersecurity is not letting things “slip through the cracks”. An effective security posture depends on visibility. The more visibility you have into the environments where your data is, the more successful you will be in applying your organization’s security protoco...

CVSS: 9.3 | AI score: 10 | EPSS: 0.99999 | Exploits: 349

Imperva Blog
added 2021/03/22 9:20 p.m. | 112 views

Why Banks Are Still A Top Target For DDoS Attacks

The financial services sector is still a prime target for cyber criminals and it has been widely reported that in 2020 financial institutions came under attack more than ever before. According to Boston Consulting Group research, financial service firms are up to 300 times more likely to experien...

AI score: 7.3 | Exploits: 0

Imperva Blog
added 2019/06/12 8:38 p.m. | 112 views

The Struggle is Real

We’ve all heard the phrase, “We live in a male dominated world.” This phrase is most often delivered with a negative connotation when someone perceives that they’re getting an unfair chance, at the mercy of men. What if we could live in a world where everyone’s unique contributions were equally...

AI score: 7.1 | Exploits: 0

Imperva Blog
added 2021/10/26 7:35 p.m. | 111 views

How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)

In late September of 2021, a path traversal and file disclosure vulnerability was disclosed and reported as CVE-2021-41773 in Apache HTTP Server version 2.4.29. Both Windows and Linux servers are affected. This vulnerability, which occurs via remote code execution (RCE), exposes a path traversal bu...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.99992 | Exploits: 173

Imperva Blog
added 2021/08/10 7:12 p.m. | 108 views

The top 3 OWASP risks to the financial services sector in 2021 and how to mitigate them

The Open Web Application Security Project (OWASP) is a non-profit organization that helps security experts protect web applications from cyber attacks. OWASP counts 32,000 volunteers worldwide who perform security assessments and conduct research on cybersecurity threats about which the larger...

AI score: 7 | Exploits: 0

Imperva Blog
added 2021/07/04 5:43 p.m. | 108 views

Securely Managing Entitlement of S3 Resources

Here we’ll talk about securely managing entitlements of S3 resources including managing access control to S3 objects and utilizing audit logging to keep track of the usage of shared resources. Amazon’s AWS services allow for accounts to grant access to resources from other accounts on AWS. This...

AI score: 1 | Exploits: 0

Imperva Blog
added 2019/04/11 4:0 p.m. | 108 views

The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack

DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...

AI score: 6.9 | Exploits: 0

Imperva Blog
added 2019/01/10 1:1 a.m. | 108 views

Dynamic Content Acceleration in Imperva CDN Improves Enterprise Website Performance

Today we introduced a new dynamic content acceleration network enhancement feature designed to improve response times to the origin server by up to 30%. Clients using the Imperva content delivery network (CDN) service are now able to more fully leverage the high-quality connectivity between PoPs in...

AI score: 0.8 | Exploits: 0

Imperva Blog
added 2019/10/01 6:55 p.m. | 107 views

New Research From Imperva Bot Management Tracks Gift Card Abuse

Researchers at Imperva Bot Management (formerly Distil Networks) have been tracking online bots that target the e-commerce gift card systems of major online retailers. The threat actors they’ve studied show remarkable resourcefulness and adaptability. In a recent podcast, Imperva Bot Management’s...

Exploits: 0

Imperva Blog
added 2021/03/08 9:35 p.m. | 106 views

Imperva recognized as a ‘Leader’ in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report

We are delighted to share that Imperva has been named a leader in The Forrester Wave: DDoS Mitigation Solutions, Q1 2021 report, a trusted source for technology buyers which helps security and risk professionals select the right vendor for their needs. You can download a copy of the report here...

AI score: 0.7 | Exploits: 0

Total number of security vulnerabilities: 1025