Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2021/05/04 11:41 a.m.42 views

Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications

Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/01 5:0 p.m.42 views

New 10 Second SLA For Rapid DDoS Mitigation

Two months ago, we updated the Imperva Incapsula SLA service level agreement to guarantee network and application layer DDoS attack mitigation in under 10 seconds. This commitment sets a new standard for time to mitigation TTM, made possible by improvements to our DDoS mitigation technology and...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/01/29 4:0 p.m.42 views

Cloud Migration Checklist for Application and Data Security

In the final post of our series on cloud migration, we’ve put together a list of strategic and immediate considerations as you plan to migrate your business to the cloud. From a high-altitude viewpoint, cloud security is based on a model of “shared responsibility” in which the concern for securit...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/07/31 3:30 p.m.42 views

Clustering and Dimensionality Reduction: Understanding the “Magic” Behind Machine Learning

These days we hear about machine learning and artificial intelligence AI in all aspects of life. We see machines that learn and imitate the human brain in order to automate human processes. There are autonomous cars that learn the road conditions to drive, personal assistants we can converse with...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/05/18 4:29 p.m.42 views

Top 5 GDPR Myths: Get the Facts

The General Data Protection Regulation GDPR has been garnering much attention since its formal adoption in April 2016. With the effective date of May 25, 2018 fast approaching, some popular myths have emerged surrounding the regulation. In this blog post, we’ll examine and debunk a few of the mos...

6.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/12/09 12:38 p.m.41 views

Log4j: One Year Later

One year ago, the Log4j remote code execution vulnerability known as Log4Shell CVE-2021-44228 was announced. The critical severity level vulnerability in a logging framework used across virtually all Java environments quickly set the internet on fire when it was released and exploited. It’s...

10CVSS10AI score0.99999EPSS
Exploits481
Imperva Blog
Imperva Blog
added 2021/08/12 1:24 p.m.41 views

Game On: A Summer of Cybercrime Reveals Evolving Bot Threat

Fans around the world clamored online, and even in-person, over the past several weeks to enjoy the thrill of competition. From the Tour De France and EURO 2020 tournament in June to the recent Summer Olympic Games in Tokyo, fans were eager to cheer on their nations and make a little money in the...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/06/10 1:36 p.m.41 views

Infographic: What Are Bad Bots Doing?

By now, anyone with even a passing interest in how the Web functions has heard of bots. Most people understand that there are good and bad bots. Legitimate bots like Googlebot, an application used by Google to crawl the Internet and index it for search, and others like it represent tremendous...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/06/01 2:14 p.m.41 views

Infographic: How Are Bad Bots Hurting Your Business?

Bad bots are software applications which run automated tasks with malicious intent over the internet. They scrape data from sites without permission in order to reuse it and gain a competitive edge e.g. pricing, inventory levels, proprietary content, etc.. They are used for scalping, the act of...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/07/02 6:55 a.m.41 views

Why should you worry about DNS attacks?

Domain Name System DNS is a very basic protocol and service that enables Internet users and network devices to discover websites using human-readable hostnames instead of numeric IP addresses. This article provides a detailed explanation of how DNS works. If the DNS service is attacked or doesn’t...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/04/13 6:8 p.m.41 views

The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring

The CyberEdge Group’s recently released 2020 Cyberthreat Defense Report CDR details findings based on a survey of 1200 security IT professionals from around the globe. Although multiple key takeaways emerged from analyzing their perceptions and insights, it’s worth digging a little further into o...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/01 7:30 p.m.41 views

Inside a New DDoS Amplification Attack Vector via Memcached Servers

We recently saw a new DDoS amplification attack vector via memcached servers that culminated in two massive DDoS amplification attacks on February 28. Both attacks were mitigated successfully. Here’s how memchached servers work and how the attacks unfolded. Memcached servers Unless updated within...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/06/29 3:30 p.m.41 views

Move Securely to the Cloud: WAF Requirements and Deployment Options

Moving to the cloud has become an overwhelmingly popular trend even among organizations that were at first reluctant to make the move. Wherever you are in your cloud migration plan, it can take time, sometimes years, and often starts with first moving peripheral workloads to the cloud while leavi...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/03/10 6:14 p.m.40 views

Don’t Be a Victim of Cyber Extortion

There’s no doubt that cybercrime is on the rise, and bad actors are constantly on the lookout for vulnerabilities. In the first half of 2020 data breaches exposed over 36 billion records. Attacks are becoming more wide-spread and more prolific. Malicious hackers are exploiting zero-day...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/04/21 8:31 a.m.40 views

Bad Bot Report 2020: Bad Bots Strike Back

The 7th Annual Bad Bot Report is now available from Imperva. Prepared by data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact of this malicious traffic across multiple industries. Bad bot traffic rose to 24.1%, it’s highest proportion...

2.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/04/16 6:23 p.m.40 views

New Cyber Threat Index Shows Industries Are Under Attack in Uncertain Times

It has been more than a month since businesses around the world started to implement contingencies in response to the Coronavirus. The Cyber Threat Index Report by Imperva Research Labs tracks changes in traffic and attack trends across multiple industries and countries. This month’s edition look...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/01/14 11:25 p.m.40 views

Businesses Will Buy Down Risk With Defense-in-Depth – 2020 Trend #5

As 2019 came to an end, Imperva CTO Kunal Anand began working with our global research team, Imperva Labs, to put together a list of the most important cybersecurity issues security leaders should be prepared for in 2020. He published his list in the blog, “Top 5 Cybersecurity Trends to Prepare f...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/12/16 1:33 p.m.41 views

SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored

The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/10/03 3:30 p.m.40 views

Professional Services for GDPR Compliance

The GDPR effective date is less than seven months away and the stakes are high. GDPR non-compliance penalties have the potential to be quite significant up to 79 times higher than existing guidelines, and GDPR applies to any organization of any size that collects or processes personal data...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/09/06 11:40 a.m.39 views

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/08/03 1:8 p.m.39 views

5 reasons why depending on your ISP for DDoS protection is a bad idea

A distributed denial of service DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Once thought of as prankish annoyance, DDoS attacks today are often a tool for cybercriminals to...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/06/03 4:53 p.m.39 views

Making Diversity and Inclusion a Business Imperative at Imperva

To create meaningful change, you need to be the difference you wish to see in the world. At Imperva, we’re taking meaningful action and investing to create a workplace that brings together all voices, experiences and identities. We recognize that true innovation requires diversity of thought,...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/05/25 12:47 p.m.39 views

Why Geek Pride Day is Something to be Proud Of

It’s fair to say that the majority of us who work in cybersecurity are ‘of a certain mindset’. There’s something that comes with the culture and tradition of personal computing, coding, and data that fosters an interest in elements of geek counter culture. Happy to wear our fandoms, obsessions, a...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/05/18 1:37 p.m.39 views

Fast, Effective N-grams Extraction and Analysis with SQL

Features extraction is expensive, especially when dealing with big data. That’s why it’s great when you have the ability to preprocess close to the database - the data stays in the DB and doesn’t have to move out, unless necessary. One common approach for text data representation is N-grams...

7.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/03/05 2:8 p.m.39 views

Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense

Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/02/04 6:22 p.m.39 views

Post-Pandemic world, Shut-downs, and Web Security Connections

As the anniversary of the World Health Organization’s WHO declaration of the COVID-19 pandemic approaches, we, here in Silicon Valley, have great hope for 2021. As the vaccine distribution continues to trickle to Main Street, Californians have recently exited a stay-at-home mandate that has nearl...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/07/20 5:50 a.m.39 views

The Anatomy of Massive Application Layer DDoS Attacks

During 2020 between June 18 and June 24 Imperva mitigated massive 200K RPS Request Per Second attacks on a daily basis. Here at Imperva we investigate major attacks we mitigated in order to gain a better understanding of their anatomy and allow for smarter mitigation. In this blog post we’ll...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/05/19 2:18 p.m.39 views

When Bandwidth Doesn’t Last

Introduction Imperva’s Cloud WAF networking team went through a major transition from an operation team to a development team during the SDN era. We saw new products emerging for our network infrastructure - moving from manual operation to automatic. But, while the change of mindset from being an...

Exploits0
Imperva Blog
Imperva Blog
added 2020/03/16 10:32 p.m.39 views

Imperva Wants to Hear From YOU!

Imperva is pleased to announce UserVoice, a new product feedback system that allows YOU to shape the future of Imperva product lines. UserVoice empowers Imperva users to share feedback and ideas in one comprehensive, crowd-sourced place where they can also see and react to the ideas others submit...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/02/26 8:17 a.m.39 views

Lift the DDoS Smokescreen: Investigate Underlying Attacks

"Hold out baits to entice the enemy. Feign disorder, and crush him." Sun Tzu The sophistication of cybercriminals and the attraction of the “Black Hat” cyberspace have grown dramatically over the years. In the past, cyber assaults were carried out mostly by amateurs, motivated by boredom or plain...

0.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/12/11 7:4 p.m.39 views

Top 5 Cybersecurity Trends to Prepare for in 2020

I don’t need a crystal ball to predict that in 2020 cybersecurity attacks will accelerate and the tactics will evolve. We’ll continue to be hounded by greater volumes of the attacks that have threatened us for years and, as businesses adopt new innovations, new vulnerabilities to threats will...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/07/13 1:23 p.m.38 views

Game Over: How to Stop DDoS Attacks on Online Gamers

You’re just about to take out a long-time rival, claim Victory Royale or round out a royal flush when your ping spikes or you’re DCed. Chances are you, or the game you’re playing, have been hit by a denial of service DoS attack. What’s the story? A recent report cited that of all cyber attacks...

Exploits0
Imperva Blog
Imperva Blog
added 2021/06/17 4:19 p.m.38 views

Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records

Imperva research shows an increase in the volume of data stolen every year. In 2020, we started to see more and more breaches that exfiltrate records in billions. Based on the analysis of thousands of data breach details published on dbdigest, we made calculations on the raw data and found some...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/05/13 2:47 p.m.38 views

JavaScript Fraud: More Than Just Magecart and Skimming

The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used to steal sensitive information by skimming data either through a first-party...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/05/12 1:6 p.m.38 views

From the Data Scientist’s Desk: How to Tune a Model Using Simple Analytics on the Feature Contribution Data

My story: My model looked good. It was as accurate as I wanted it to be and I was happy with it from one experiment to another. When I decided to change the test data set a bit, everything fell apart. Accuracy dropped and I had no clue why. I had to run the test again. And again. Ten tests later,...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/03/30 4:31 p.m.38 views

A Few Hours After the Publication: Dozens of Scanning Attempts for Vulnerable PHP Servers

On March 28th the official PHP Git repository was compromised in order to open a backdoor into many web servers. The attackers were able to gain access to the PHP official main Git server, uploading two malicious commits, including a backdoor. The malicious commits were discovered a few hours...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/02/01 8:25 p.m.38 views

How Grinch Buying Bots Took the Gaming Hardware Market Hostage

In video games jargon, the phrase “Console Wars" refers to the fierce competition between hardware manufacturers for market share. It turns out, however, that the only war going on at the moment is for acquiring a console. And thus far, Grinch Bots are winning. Video Games’ Popularity Is Peaking...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/01/28 2:18 p.m.38 views

Why Data Security and Privacy in the digital age are crucial

Privacy is considered a basic human right but, with so much of our personal data now ‘out there’ in cyberspace, how private can it really be? Data is everywhere, and with rising internet usage, an increase in cloud technologies, and our growing reliance on IoT devices, it continues to grow...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/09/10 7:25 a.m.38 views

Top Security and Data Privacy Regulations for Financial Services

Regulatory compliance has become an increasingly more important part of the financial services industry in recent years. And it’s a trend that’s likely to continue due to the upsurge in cloud computing, the use of mobile applications, and a shift to IoT devices, all of which are driving exponenti...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/05/18 1:42 p.m.38 views

Cloud Compliance – A Top Challenge for organizations

Regulatory compliance violations are among the top three biggest Cloud Application Security challenges for organizations, according to the CyberEdge Group’s ‘2020 Cyberthreat Defense Report’. Equally concerning are ‘Limitations of cloud service provider’s security tools’ which come in joint secon...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/04/26 11:51 a.m.38 views

More Insights on The Global DDoS Threat Landscape

Recently, edge services product manager David Elmaleh and Imperva Research Labs’ data scientist Johnathan Azaria shared their DDoS knowledge in a live BrightTalk webinar about the current threat landscape and what you need to do to ensure you are adequately prepared. David and Johnathan not only...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/09/18 12:22 p.m.38 views

E-commerce: Bad bots are ready for the holidays. Are you?

The busiest time for online retailers is almost upon us—the holiday season. Each business is looking at ways to take advantage of cyber week when a significant portion of annual sales are made. At this time, preparation is well underway for Black Friday and Cyber Monday promotions. But another...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/09/17 8:49 p.m.38 views

Explainer Series: RDaaS Security and Managing Compliance Through Database Audit and Monitoring Controls

As organizations move to cloud database platforms they shouldn't forget that data security and compliance requirements remain an obligation. This article explains how you can apply database audit and monitoring controls using Imperva SecureSphere V13.2 when migrating to database as a service clou...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/05/09 8:49 p.m.38 views

Want to See What A Live DDoS Attack Looks Like?

We’re fortunate enough to have had Andy Shoemaker, founder of NimbusDDoS, and our own Ofer Gayer chat about DDoS attacks and shed some light on the gaps in many people’s understanding of the threats out there. In a new BrightTALK webinar alongside Imperva Senior Product Manager, Ofer, Andy...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/05/18 11:0 a.m.37 views

Dify: When Your AI Platform Becomes the Attack Surface

Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platform...

6.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/06/07 4:33 p.m.37 views

Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerability– identified as CVE-2024-4577 with an initial CVSS score of 9.8 – was discovered i...

9.8CVSS10AI score0.99987EPSS
Exploits64
Imperva Blog
Imperva Blog
added 2024/05/30 4:40 p.m.37 views

Mitigate Http/2 continuations with Imperva WAF

As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/09/01 1:40 p.m.37 views

Cheap and nasty: How for $100 low-skilled ransom DDoS extortionists can cripple your business

Distributed Denial of Service DDoS attacks capable of crippling network resources and websites can be rented online for as little as $5 an hour. With an average financial impact of $100k for just one hour of downtime, that’s a serious return on cybercriminal investment. And that’s just for the...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/04/30 12:12 p.m.37 views

Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML

The reason behind buying a market-leading Web Application Firewall WAF is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/02/25 5:47 p.m.37 views

Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense

Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...

0.2AI score
Exploits0
Total number of security vulnerabilities1025