Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2020/05/06 3:59 p.m.73 views

Imperva Poised to Deliver its Leading Advanced Bot Protection and Network Security in India

With a presence in India since 2017, Imperva is continuing to provide a level of security excellence in the region. With Asia in general as both the target and source of most network DDoS attacks, and India topping the list for the first time in our latest DDoS threat landscape report, this is mo...

1.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/02/25 9:22 p.m.73 views

Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers

Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in dozens of unsuccessful attacks against our customers, with an unknown number of attacks, some like...

7.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/01/07 9:5 p.m.72 views

Automated Attacks Call for Automated Protection – 2020 Trend #3

In our blog series on security trends, we’ve been diving deeper into the five security predictions for 2020 made by our CTO Kunal Anand during his fireside chat with Imperva CMO David Gee. Watch it here. As I'll discuss in my upcoming blog on defense-in-depth and reducing risk, being “connected”...

Exploits0
Imperva Blog
Imperva Blog
added 2019/03/20 1:0 p.m.72 views

Now-Patched Google Photos Vulnerability Let Hackers Track Your Friends and Location History

A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken. Background One trillion photos were taken in 2018. With image quality and file size increasing, it’s obvious why more and more people choose to...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/11/02 3:30 p.m.72 views

Cloud WAF Versus On-Premises WAF

“The Times They Are a Changin’”, Bob Dylan knew it in 1964 and what was true then is even move true today. There continues to be ongoing debate on web application firewalls WAFs, specifically which is better for the enterprise—on-premises solutions or those in the ever-changing cloud. When...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/06/12 3:30 p.m.72 views

Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups

In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/08/17 4:0 p.m.71 views

Brace yourselves: Holiday shopping season is coming

The E-commerce market has seen tremendous revenue growth during the pandemic. Along with that good news for E-business, there has been an increase in fraudulent activities online that may cost retailers over $20 billion in losses by the end of 2021. According to eMarketer, worldwide retail...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/10/22 1:7 p.m.71 views

CrimeOps of the KashmirBlack Botnet – Part I

Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...

7.5CVSS0.2AI score0.99999EPSS
Exploits19
Imperva Blog
Imperva Blog
added 2020/06/08 8:13 p.m.71 views

Pinpoint and Act Upon “Bad Reputation” IPs

There’s no question that today’s cyber attackers use increasingly sophisticated methods in order to disrupt business or steal private data. And faced with so many attacks from various sources, IT professionals are forced to constantly challenge themselves to identify those alerts more critical th...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/03 8:41 p.m.71 views

Back to Basics: Let’s Forget About the GDPR… For A Moment

At this point it’s fairly safe to assume that most everyone in the business of “data” has heard of the European Union EU-wide General Data Protection Regulation GDPR that was signed into law in late April 2016; with the compliance deadline having come into effect on May 25, 2018. Clearly, this ne...

Exploits0
Imperva Blog
Imperva Blog
added 2024/10/22 1:0 p.m.70 views

ShadyShader: Crashing Apple Devices with a Single Click

Introduction A while ago, we discovered an interesting vulnerability in the GPU’s drivers of iPhones, iPads, and macOS computers with M-series chips. Dubbed ShadyShader, this flaw allows a specially crafted shader program to overwhelm Apple’s GPU, causing repeated freezes that ultimately lead to ...

6.4AI score0.00913EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2023/10/11 10:29 p.m.70 views

Atlassian CVE-2023-22515 Blocked by Imperva

Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator...

7.5CVSS7.3AI score0.99156EPSS
Exploits39
Imperva Blog
Imperva Blog
added 2019/03/07 7:0 p.m.70 views

Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack

A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/31 6:31 p.m.70 views

Onwards and Upwards: Our GDPR Journey and Looking Ahead

At Imperva, our world revolves around data security, data protection, and data privacy. From our newest recruits to the most seasoned members of the executive team, we believe that customer privacy is key. For the better part of the last two years, Imperva has laid the foundation for our complian...

1.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/18 4:0 p.m.70 views

Drupal, Phishing and A New Cryptomining Botnet

It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal, regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/02/22 4:30 p.m.70 views

NetRefer Chooses Imperva Incapsula WAF: A Case Study

Since 2005, companies have been using NetRefer’s performance marketing software to fully automate their affiliate programs. From enrollment through customer relationship management CRM, tracking, finance and rewards management and payments, NetRefer’s Unified Performance Marketing Platform...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/08/24 3:30 p.m.70 views

Analysis of Ronggolawe Ransomware and How to Block It

In the last few years ransomware attacks have been significantly on the rise. This infamous trend began by targeting end point users’ machines, such as personal desktop and laptops. Later, it evolved and broadened the attack surface to target mobile phones and servers. Web Servers Not Immune to...

8.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/04/04 7:30 p.m.69 views

Streamline Compliance with SWIFT Customer Security Program Requirements

Transferring money from our bank accounts has never been easier than it is today. With a single click on our smartphones, we can transfer money from a bank account in New York to an account at a different bank in the Netherlands. This advancement is largely a result of the fluent communication...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/03/21 3:53 p.m.68 views

Imperva Cloud WAF and Graylog, Part II: How to Collect and Ingest SIEM Logs

This guide gives step-by-step guidance on how to collect and parse Imperva Cloud Web Application Firewall WAF, formerly Incapsula logs into the Graylog SIEM tool. Read Part I to learn how to set up a Graylog server in AWS and integrate with Imperva Cloud WAF. This guide assumes: You have a clean...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/09 4:35 p.m.68 views

WordPress Arbitrary File Deletion Vulnerability Plugged With Patch 4.9.7

On Jun 26 an arbitrary file deletion vulnerability in the WordPress core was publicly disclosed, the vulnerability could allow an authenticated attacker to delete any file and in some cases execute arbitrary code. WordPress is a free, popular, and open-source content management system currently...

1.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/09/30 1:48 p.m.67 views

A security architect’s POV on a mature data-centric security program, Part 2

In part one of this series, we explored the challenges associated with accessing and searching long-term retained database activity logs, and identifying sensitive customer data to comply with stricter compliance regulations. In this post, you’ll see through a security architect’s eyes the...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/13 2:0 p.m.67 views

Cloud WAAPs Are the Future of Application Security. But What Does That Mean?

Millions of Verizon FIOS broadband users vulnerable to hackers controlling and surveilling their home networks. Thousands of GPS watches whose maps were open to attackers tracking and eavesdropping on children and elderly users. A zero-day hole in Microsoft’s Edge and Internet Explorer browsers...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/02/04 7:5 p.m.67 views

The Challenges of DIY Botnet Detection – and How to Overcome Them

Botnets have been around for over two decades, and with the rise of the Internet of Things IoT they have spread further to devices no one imagined they would - printers, webcams, and even toasters and fridges. Some botnets enlist infected devices to mine cryptocurrency or steal passwords from oth...

Exploits0
Imperva Blog
Imperva Blog
added 2018/02/26 5:0 p.m.67 views

A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)

An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...

7.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/09 2:56 p.m.66 views

Take these Five Steps to Really Mitigate your Data Breach Risks

Data breaches are a CSO/CISO’s worst nightmare. And they’re getting bigger and more damaging all the time. It’s no longer just hundreds of millions of users whose personal data is stolen at a time, but billions of users. That’s translating into ever-growing financial repercussions. The irony,...

Exploits0
Imperva Blog
Imperva Blog
added 2019/01/29 6:55 p.m.66 views

Meet the New Imperva – Defending Your Business Growth Today and Tomorrow

Today’s Imperva is a champion in the fight to secure data and applications, wherever they reside. The threat landscape is dangerous and ever-changing, but our thousands of customers know they can count on Imperva to protect them. No wonder our solutions are recognized as leaders by analysts such ...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/13 10:23 p.m.66 views

Need for Speed: Optimizing Data Masking Performance and Providing Secure Data for DevOps Users

Let’s start with a pretty common life experience -- you identify a need e.g., transportation, you evaluate your options e.g., evaluate car manufacturers, various features, pricing, etc., and you decide to purchase e.g., vehicle X. This process repeats itself over and over again regardless of the...

Exploits0
Imperva Blog
Imperva Blog
added 2017/07/26 10:0 a.m.66 views

Three Telltale Signs a Hacker Has Been in Your Account

Imperva’s latest Hacker Intelligence Initiative HII report, Beyond Takeover - Stories from a Hacked Account, was just released. With this research, we set forth to learn about the dynamics of phishing attacks from the victim’s perspective and shed some light on attacker practices. Our intent was ...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/01/17 10:4 p.m.65 views

Imperva Launches New Data Center in Argentina

Imperva’s New Expansion We are happy to announce that Imperva has launched our new Buenos Aires data center. We’re thrilled to bring our leadership in cybersecurity plus enhanced performance and decreased latency to Argentina and the surrounding countries in the region. Our new data center is now...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/08/20 4:2 p.m.65 views

Your Business is Compliant with Data Security Regulations. It’s Still not Safe.

There has been plenty of discussion about the impact of global data regulations on data security practices. Particularly with the implementation of the EU’s GDPR last year, organizations in every industry have been scrambling to develop new security practices to avoid fines and the associated bad...

1.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/12 2:42 p.m.65 views

A WordPress SPAMbot Wants You to Bet on the 2018 FIFA World Cup

Our researchers recently picked up on a spike in SPAM activity directed at sites powered by WordPress, which, naturally, led them to take a closer look. Turns out the attack was launched by a botnet and implemented in the form of comment SPAM - meaningless, generic text generated from a template...

8.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/04/13 4:12 p.m.65 views

Securing Modern Web Applications: Threats and Types of Attacks

Web Application Firewalls are the most advanced firewall capabilities available to IT teams. Deploying the appropriate WAF is important, especially these days when the security threat landscape is changing so rapidly. In a previous post, we introduced Web Application Firewalls: Securing Modern We...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/06/01 3:30 p.m.65 views

GDPR Readiness – Calculate Your Return on Security Investment (ROSI)

What is the cost of a data breach? Assuming annual revenue of £30M, a single fine could be as much as a whopping £1.2M—the maximum 4%—when the European Union’s General Data Protection Regulation GDPR becomes effective in May 2018. Compare that to a database control cost factor of £750K, the cost ...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/03/20 4:56 p.m.64 views

New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner

Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using various methods, including network vulnerabilities. Over the past few years, the botnet has...

7.5CVSS10AI score0.99999EPSS
Exploits98
Imperva Blog
Imperva Blog
added 2020/08/06 11:21 a.m.64 views

Avoid Alert Fatigue: How to Automatically Get Rid of WAF False Positive

Alert fatigue - introducing false positives in WAF All WAF experts know what it’s like handling massive amounts of alerts. They’re also very likely wasting a lot of time fishing false positives out of all these alerts. The WAF’s purpose is to block attacks and let legitimate traffic through. Fals...

6.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/11/13 2:31 p.m.64 views

Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends

In a previous blog we highlighted a vulnerability in Chrome that allowed bad actors to steal Facebook users’ personal information; and, while digging around for bugs, thought it prudent to see if there were any more loopholes that bad actors might be able to exploit. What popped up was a bug that...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/08/24 8:12 p.m.64 views

Static vs Dynamic Data Masking: Why Are We Still Comparing the Two?

Earlier this month a leading analyst released their annual report on the state of Data Masking as a component of the overall Data Security sector; which included commentary on what’s known as ‘static’ data masking and an alternative solution known as ‘dynamic’ data masking. And these two solution...

7.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/08/15 4:16 p.m.64 views

A Bug in Chrome Gives Bad Actors License to Play ‘20 Questions’ with Your Private Data

In a 2013 interview with The Telegraph, Eric Schmidt, then CEO of Google was quoted as saying: “You have to fight for your privacy or lose it.” Five years later, with the ‘Cambridge Analytica’ data breach scandal fresh in our memory, Eric Schmidt’s statement rings as a self-evident truth. Similar...

6.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/05/24 8:3 p.m.64 views

See If You’re GDPR-Ready With Our Last-Minute Checklist

Time’s just about run out to get all your ducks in a row for the EU’s General Data Protection Regulation GDPR going into effect on May 25, and we’ve put together a little refresher toolkit to help you dot your Is and cross your Ts. Whether you’re planning on sticking to the new GDPR guidelines or...

1.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/04/05 3:30 p.m.64 views

A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL)

In a previous post we covered different techniques for execution of SQL and OS commands through Microsoft SQL server that can be used for delivering and executing malicious payloads on the target system. In this post we’ll discuss the same topic for MySQL database. Creating an executable directly...

7.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/10/11 6:8 p.m.63 views

Learning how MTU and MSS work is key to using DDoS Protection as a Service

Maximum Transmit Unit MTU and Maximum Segment Size MSS are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how M...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/01/31 8:29 p.m.63 views

Imperva Received Top Scores in Gartner’s “Critical Capabilities for Cloud Web Application Firewalls”

The web application landscape is constantly changing, and the tools needed for the best application security protection need to change with the landscape. With Imperva’s recent improvements in API Security, Bot Management, DDoS and Cloud WAF, it’s easy to see why we are among the highest-scored...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/10/07 12:13 p.m.63 views

The Importance of the Customer’s Feedback in Product Design

We have learned over time that we develop products not for us the company, but for you, the customer, to help resolve your problems. But just resolving a customer's problem is not enough - the product should also be intuitive and easy to use. It’s clear that the best people to provide feedback...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/21 6:37 p.m.63 views

Modern Database Security Buys Down More Risks for Enterprises

Pop quiz: how many data records are lost or stolen on an average day? 1 million? 3 million? 6 million? If you answered 6 million, you’re correct, according to the Breach Level Index. According to the Index, 14.7 billion records have been lost or stolen since 2013, or more than 2.2 billion per yea...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/12/17 2:7 p.m.63 views

The Year Ahead: Cybersecurity Trends To Look Out for In 2019

A Proven Record Tracking Cybersecurity Trends This time of the year is always exciting for us, as we get to take a step back, analyze how we did throughout the year, and look ahead at what the coming year will bring. Taking full advantage of our team’s expertise in data and application security,...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/04/26 8:7 p.m.63 views

Drupalgeddon3: Third Critical Flaw Discovered

For the third time in the last 30 days, Drupal site owners are forced to patch their installations. As the Drupal team noted a few days ago, new versions of the Drupal CMS were released, to patch one more critical RCE vulnerability affecting Drupal 7 and 8 core. The vulnerability, code-named...

3.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/28 3:30 p.m.63 views

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

6.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/11/28 8:40 p.m.62 views

Imperva Integration With AWS Security Hub: Expanding Customer Security Visibility

This article explains how Imperva application security integrates with AWS Security Hub to give customers better visibility and feedback on the security status of their AWS hosted applications. Securing AWS Applications Cost reduction, simplified operations, and other benefits are driving...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/08/28 4:46 p.m.62 views

Explainer Series: What is Clickjacking?

Here we go, another online trap ready to ensnare unsuspecting – well, until now anyway – users. As if Phishing, Cryptojacking, credential stuffing and old school scamming wasn’t enough, folks really just can’t catch a break these days. Anyway, we’re here to chat about clickjacking, for those of y...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/19 6:46 p.m.62 views

Data Security Solutions for GDPR Compliance

Enforcement of the new EU General Data Protection Regulation GDPR adopted in 2016 starts on May 25, 2018. It requires all organizations that do any business in the EU or that collect or process personal data originating in the EU to comply with the regulation. Organizations that do not have a...

7.1AI score
Exploits0
Total number of security vulnerabilities1025