Need for Speed: Optimizing Data Masking Performance and Providing Secure Data for DevOps Users
Let’s start with a pretty common life experience -- you identify a need (e.g., transportation), you evaluate your options (e.g., evaluate car manufacturers, various features, pricing, etc.), and you decide to purchase (e.g., vehicle X). This process repeats itself over and over again regardless of the...
Building an Effective API Security Strategy: Easy If You Have the Right Tools
In their approach to application programming interface (API) security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because "that's where the money is," the use of APIs to provide access to applications and to business-critical data...
A WordPress SPAMbot Wants You to Bet on the 2018 FIFA World Cup
Our researchers recently picked up on a spike in SPAM activity directed at sites powered by WordPress, which, naturally, led them to take a closer look. Turns out the attack was launched by a botnet and implemented in the form of comment SPAM - meaningless, generic text generated from a template...
The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques
A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...
Optimizing A Monitoring System: Three Methods for Effective Incident Management
Picture this: You’ve just returned from a well-deserved vacation and, upon opening up your security monitoring system, you’re faced with the prospect of analyzing thousands of events. This isn’t an imaginary scenario; the security monitoring world (actually, monitoring in general) is full of anomalie...
WordPress Arbitrary File Deletion Vulnerability Plugged With Patch 4.9.7
On Jun 26 an arbitrary file deletion vulnerability in the WordPress core was publicly disclosed. The vulnerability could allow an authenticated attacker to delete any file and in some cases execute arbitrary code. WordPress is a free, popular, and open-source content management system currently...
Cloud Security For The Healthcare Industry: A No-Brainer
The healthcare industry has become one of the likeliest to suffer cyber-attacks, and there’s little wonder why. Having the financial and personal information of scores of patients makes it a very appetizing target for attackers. Just over a year ago, the WannaCry ransomware attack wreaked havoc o...
Back to Basics: Let’s Forget About the GDPR… For A Moment
At this point it’s fairly safe to assume that most everyone in the business of “data” has heard of the European Union (EU)-wide General Data Protection Regulation (GDPR) that was signed into law in late April 2016, with the compliance deadline having come into effect on May 25, 2018. Clearly, this ne...
Read: Our Top Picks for 2018’s Biggest Cybersecurity Stories… So Far
Our threat research team's been burning the candle at both ends this year, what with the sheer number of nasties out there at any given time. But with so many to choose from, how did we populate a list with just seven cybersecurity threats, and why? For one, it'll take the rest of the year to...
Cloud Migration Fundamentals: Overcoming Barriers to App Security [Infographic]
As more organizations move to the cloud, the line of responsibility in securing applications can become rather blurred. The concept of control has historically rested in physical location and ownership. With the move to the cloud, however, the idea of security by proxy is changing and so should o...
5 Key Factors to Consider When Comparing Cloud Security Solutions [Video]
Migrating to the cloud can be a challenge, and so can securing your platform once you’re there. It means having a security solution that is quick, adaptable and equipped to handle a wider breadth of attacks. Whether you’re in the market for a new security product, or you’re looking to switch, the...
How To Leverage Data Access Analytics for Effective Breach Detection
Detecting and preventing data breaches is a challenge for most, if not all, enterprises. In fact, according to a study released in 2017, 78% of all CISOs are concerned that data breaches go undetected, while only 19% admit they are effective at breach prevention. Simply put, breaches happen almos...
The Gartner CISO Playbook: Leveraging Effective Control in the Cloud
For as long as we can remember, the concept of control has rested comfortably in physical location and ownership. It’s simple, if you could see something or you knew exactly where it was, it would be easier to assume that you’d have some measure of control over its security. With the move to the...
Clustering App Attacks with Machine Learning Part 3: Algorithm Results
In the previous blog posts in this series, we discussed the motivation for clustering attacks and the data used and how to calculate the distance between two attacks using different methods on each feature we extracted. In this final blog post, we’ll discuss the clustering algorithm itself – how ...
Indonesian Hacker Group Cashes In On Blockbuster Movie Titles
When breaking the law isn't a barrier, there’s always a way to make a quick buck. We see it every day, and this time from an Indonesian cybercrime campaign infecting vulnerable websites by luring their visitors to a network of scam websites using blockbuster movies. The attack part I: Recruiting...
Monitoring Data & Data Access to Support Ongoing GDPR Compliance – Part III: Tools
The new European Union (EU)-wide General Data Protection Regulation (GDPR) was signed into law in late April 2016, and the compliance deadline came into effect on May 25, 2018. The Regulation is expansive and covers a variety of subject areas, provisions, and actions in the form of documented Article...
Clustering App Attacks with Machine Learning Part 2: Calculating Distance
In our previous post in this series we discussed our motivation to cluster attacks on apps, the data we used and how we enriched it by extracting more meaningful features out of the raw data. We talked about the many features that can be extracted from IP and URL. In this blog post we’ll discuss...
Clustering App Attacks with Machine Learning Part 1: A Walk Outside the Lab
A lot of research has been done on clustering attacks of different types using machine learning algorithms with high rates of success. Much of it from the comfort of a research lab, with specific datasets and no performance limitations. At Imperva, our research is done for the benefit of real...
Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0
Since the publication of this blog, attempts have been made to discredit our findings, methodology and accuracy. Imperva stands by our research. Our findings were reported to Auth0 as part of their own bug bounty program, following their official process. Auth0 was kept informed of our findings a...
New research shows 75% of ‘open’ Redis servers infected
Since our initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, we’ve been hearing about more and more attacks on Redis servers. Redis is a great tool: it can serve as an in-memory distributed database, cache or a message broker and is widely popular...
Leveraging Imperva Solutions for GDPR Compliance Part II: Pseudonymization
Down to the wire: the GDPR compliance deadline is here. It’s May 25 and the EU’s General Data Protection Regulation (GDPR) is live. As you know by now, the risk and potential costs associated with a failure to comply with the EU’s General Data Protection Regulation (GDPR) are substantial. GDPR...
Five Ways Imperva Attack Analytics Helps You Cut Through the Event Noise
The maddening volume of events security teams have to deal with each day is growing at an exponential pace, making it increasingly difficult to effectively analyze and process credible threats. As more organizations move to cloud-based solutions, applications now reside at multiple locations – on...
Survey: 27 Percent of IT professionals receive more than 1 million security alerts daily
Imagine trying to tackle over one million security alerts in a day. That number is so huge that it may sound like hyperbole, but this is exactly what many security teams face. Dealing with such a high volume of potential threats on a regular basis can quickly lead to alert fatigue. Sure, we expec...
See If You’re GDPR-Ready With Our Last-Minute Checklist
Time’s just about run out to get all your ducks in a row for the EU’s General Data Protection Regulation (GDPR) going into effect on May 25, and we’ve put together a little refresher toolkit to help you dot your Is and cross your Ts. Whether you’re planning on sticking to the new GDPR guidelines or...
Healthcare IT Leaders Most Concerned about Ransomware and Insider Threats: Survey
Just over a year ago, the WannaCry ransomware attack wreaked havoc on the UK National Health Service (NHS), ultimately disrupting a third of its facilities and causing a rash of canceled appointments and operations. Breaches are always a concern in healthcare, but this incident brought to light its...
Database Activity Monitoring: Configuring a Cluster in Four Easy Steps
Imperva SecureSphere Database Activity Monitoring (DAM) offers multiple deployment modes, including managing your gateways in a cluster. There are four steps to configuring a gateway cluster and we’ll be discussing them in this post. But first, let’s review the advantages of using a cluster: High...
Facebook, GDPR and the Right to Privacy: Three’s a Crowd?
Back in 2016 the European Union voted to pass the mother of all security laws, aimed at further extending the rights of its citizens to control how their data is used. The General Data Protection Regulation (GDPR) guards users against having their information shared without their explicit consent,...
72 Hours: Understanding the GDPR Data Breach Reporting Timeline
We're down to the wire with respect to the General Data Protection Regulation (GDPR) compliance deadline of May 25, 2018. Organizations that fail to comply could face fines of up to €20M (roughly $22M) or 4 percent of their annual global turnover from the prior year, and we’ll soon see just how EU...
New DDoS Attack Method Demands a Fresh Approach to Amplification Assault Mitigation
Amplification attack vectors are some of the most commonly used tools in the DDoS attacker’s arsenal. In the last quarter of 2017, we saw NTP amplification employed in roughly 33 percent of all DDoS assaults against our customers, while DNS and SSDP amplification vectors played a part in 17 perce...
Imperva Python SDK – We’re All Consenting SecOps Here
Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...
Want to See What A Live DDoS Attack Looks Like?
We’re fortunate enough to have had Andy Shoemaker, founder of NimbusDDoS, and our own Ofer Gayer chat about DDoS attacks and shed some light on the gaps in many people’s understanding of the threats out there. In a new BrightTALK webinar alongside Imperva Senior Product Manager, Ofer, Andy...
The AI’ker’s Guide to the (cybersecurity) Galaxy
As a security veteran I find myself from time to time having to explain to newbies the importance of adopting a ‘hacker’s way of thinking’, and the difference between hacker’s and builder’s thinking. If you can’t think like an attacker, how are you going to build solutions to defend against them?...
Configuring Imperva SecureSphere for GDPR Compliance: Part One
Time is running out. 23 days until GDPR enforcement. The GDPR effective date is less than a month away and, given the significant risk and potential costs associated with a failure to comply, organizational readiness efforts continue to mount. GDPR non-compliance penalties can be severe up to 79...
The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View
Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cover their tracks and increase their attack...
Drupalgeddon3: Third Critical Flaw Discovered
For the third time in the last 30 days, Drupal site owners are forced to patch their installations. As the Drupal team noted a few days ago, new versions of the Drupal CMS were released, to patch one more critical RCE vulnerability affecting Drupal 7 and 8 core. The vulnerability, code-named...
Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours
We previously reported that the overall number of new web application vulnerabilities in 2017 showed a 212% increase from 2016’s 6,615 to a whopping 14,082. This spike was due, in part, to high-profile vulnerabilities like Heartbleed, Shellshock, POODLE, Apache Struts 2 and more recently, Meltdow...
Sonification of DDoS Attacks: Netflow Melodies and a Tomato Panic Button
A focus on innovation and creativity is ever-present in our work. One of the more prominent examples of that is our annual hackathon, which gives us a chance to fuel up on pizza and flex our coding muscles in a 24-hour programming marathon. Up until this year, these hackathons were limited to a...
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation (GDPR) and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
Drupalgeddon 2.0: Are Hackers Slacking Off?
Ever since March 28th, when Drupal published a patch for an RCE named Drupalgeddon 2.0 (SA-CORE-2018-002/CVE-2018-7600), Imperva has been monitoring our cloud looking for hackers’ attempts to exploit the vulnerability, but found nothing. Until today. It somehow seems fitting that nefarious activity...
Securing Modern Web Applications: Threats and Types of Attacks
Web Application Firewalls are the most advanced firewall capabilities available to IT teams. Deploying the appropriate WAF is important, especially these days when the security threat landscape is changing so rapidly. In a previous post, we introduced Web Application Firewalls: Securing Modern We...
How to Tune Your Database Security to Protect Big Data
As digital information and data continues to accumulate worldwide, new big data solutions grow more and more popular. The introduction of IoT into our lifestyle, which turns appliances into smart data logging machines, along with organizations tracking behaviors for data science and research...
A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL)
In a previous post we covered different techniques for execution of SQL and OS commands through Microsoft SQL server that can be used for delivering and executing malicious payloads on the target system. In this post we’ll discuss the same topic for MySQL database. Creating an executable directly...
Streamline Compliance with SWIFT Customer Security Program Requirements
Transferring money from our bank accounts has never been easier than it is today. With a single click on our smartphones, we can transfer money from a bank account in New York to an account at a different bank in the Netherlands. This advancement is largely a result of the fluent communication...
DevOps-Ready WAF: Scaling Security for a More Agile Environment
With the maturation of DevOps, the growing concern around the security and compliance of more agile application development systems has made 2018 the year for DevSecOps. According to a study by Gartner, over 80% of development teams will have embedded DevSecOps by 2021. When evaluating how a WAF...
Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF
We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...
Web Application Firewalls: The Definitive Primer
Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection (OSI) model. Web Application Firewalls (WAFs) have developed as a result, not only to track network traffic but also to understand...
Q4 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017. In Q4, the number of application layer attacks nearly doubled, just as the number of network...
Data Security Solutions for GDPR Compliance
Enforcement of the new EU General Data Protection Regulation (GDPR), adopted in 2016, starts on May 25, 2018. It requires all organizations that do any business in the EU or that collect or process personal data originating in the EU to comply with the regulation. Organizations that do not have a...
A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgres Database to Start Mining Monero
As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database...
RDaaS Security: How to Apply Database Audit and Monitoring Controls
As you move databases to cloud database platforms, data security and compliance requirements move along with it. This article explains how you can apply database audit and monitoring controls when migrating your database to cloud services, including the following: Introduction to RDaaS Benefits o...