1017 matches found
Imperva Defends Against LLM Hacking
In the evolving landscape of cybersecurity, the advent of large language models LLMs has introduced a new frontier of challenges and opportunities. Research has shown advanced LLMs, such as GPT-4, now possess the ability to autonomously execute sophisticated cyberattacks, including blind database...
Imperva and the Secure by Design Pledge: A Commitment to Cybersecurity Excellence
The Cybersecurity and Infrastructure Security Agency CISA has introduced a voluntary "Secure by Design Pledge" for enterprise software manufacturers, focusing on improving the security of their products and services. This pledge outlines seven key principles, forming the core of a robust...
Business Logic Attacks Target Election-Related Sites on Election Day
As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks —a complex threat that manipulates the intended workflow of applications, often without...
Meet Andy Zollo, SVP of APJ Sales
Andy Zollo, who led the Imperva business in EMEA, relocated to Singapore in October to be Senior Vice President of Sales for the combined Imperva and Thales CPL businesses in the APJ region. With a wealth of experience in sales leadership and business transformation, Andy is set to play a vital...
Imperva: A Leader in WAAP
Imperva – a Thales company and leading provider of Web Application and API Protection WAAP solutions, is a force to be reckoned with in the cybersecurity landscape. Our comprehensive approach to security, encompassing database security, enterprise application security, bot management, DDoS...
Java(Script) Drive-By, Hacking Without 0days
A remote code execution chain in Google Chrome, which allows an attacker to execute code on the host machine, can cost anywhere from $250,000 to $500,000. Nowadays, such powers are typically reserved for governments and spy agencies. But not so long ago, similar capabilities were accessible to th...
Cyber Threats in Costume: When Attacks Hide Behind a Mask
Introduction As Halloween approaches, the idea of costumes and disguises takes center stage, but the spirit of deception isn’t limited to one night. In the digital world, cyberattacks can also wear masks, concealing their true intentions to slip past defenses. Just as a costume can obscure who’s...
Modernizing Data Security: Imperva and IBM Z in Action
As data security continues to evolve, businesses require solutions that scale to modern environments. Imperva and IBM Z have partnered to deliver a comprehensive approach to securing data within IBM z/OS environments while supporting the agility, resource availability, and cost-efficiency that...
ShadyShader: Crashing Apple Devices with a Single Click
Introduction A while ago, we discovered an interesting vulnerability in the GPU’s drivers of iPhones, iPads, and macOS computers with M-series chips. Dubbed ShadyShader, this flaw allows a specially crafted shader program to overwhelm Apple’s GPU, causing repeated freezes that ultimately lead to ...
Seven Cybersecurity Tips to Protect Your Retail Business This Holiday Season
It’s no secret that the holiday season is the busiest time for online retailers, with sales starting as early as October and stretching until late December. According to the NRF, census data suggests that 2023 holiday sales experienced a 3.8% growth, reaching a record $964.4 billion about $3,000...
Imperva Defends Against Targeted Exploits Used By APT29 Hackers
Recently, U.S. and U.K. cyber agencies have warned of a renewed wave of attacks led by Russian APT29 hackers. These sophisticated threat actors have been actively exploiting vulnerabilities in Zimbra Collaboration Suite and JetBrains TeamCity, specifically CVE-2022-27924 and CVE-2023-42793, to...
Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption
Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...
Leveling Up Security: Understanding Cyber Threats in the Gaming Industry
Introduction As the G2E Global Gaming Expo conference kicks off in Las Vegas, it's important to highlight the significant role cybersecurity plays in the rapidly evolving gaming industry. From online casinos to eSports, gaming has grown into a massive global enterprise, making it a prime target f...
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters
The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs ‘game hacks’ to get ahead. Although some of these programs offer legitimate game boosts, malicious actors frequently leverage these game hackers’ interest in modifications to deliver...
The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
How much do bot attacks and API insecurity cost organizations? To answer these questions, Imperva engaged the Marsh McLennan Cyber Risk Intelligence Center to analyze incident data related to vulnerable APIs and bot attacks. Imperva’s latest report, “The Economic Impact of API and Bot Attacks,"...
Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing
Occasionally, a new AI tool emerges unexpectedly and dominates the conversation on social media. This time, that tool is Cursor, an AI coding platform that’s making waves for simplifying app development with advanced models like Claude 3.5 Sonnet and GPT-4o. In a recent video posted on X, which h...
Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support
In the energy and utility sector, safeguarding data and ensuring compliance with regulatory standards is paramount. With the increasing digitalization of operations, from smart grids to IoT-enabled devices, the need for robust encryption methods to protect sensitive information has never been...
Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)
Recently, a critical vulnerability in the widely used Apache OFBiz framework was disclosed, designated CVE-2024-45195. This vulnerability allows for unauthenticated remote code execution RCE, making it an especially dangerous flaw for organizations using OFBiz in their business operations. An...
My Journey To CTO for Imperva App Sec
I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in application...
Agentless is a DAM Better Option for Securing Cloud Data
When it comes to on-premises database activity monitoring DAM, security teams have consistently relied on agents to seamlessly track all incoming requests and outgoing responses within the databases. The agent-based approach effectively ensures independent monitoring of database activity,...
What’s Different About Data Security in the Cloud? Almost Everything.
In 2019, most organizations already had digital transformation plans in place. These plans included migrating workloads to modern cloud architectures. However, the Covid-19 pandemic compelled organizations to expedite their modernization efforts due to practical reasons. For instance, setting up ...
GraphQL Vulnerabilities and Common Attacks: Seen in the Wild
In our previous blog, we provided an overview of GraphQL security, along with details and examples of common attacks. Building on that foundation, this blog will take a closer look at real-world examples of GraphQL attacks that have recently occurred. We will explore the methods used by attackers...
Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report
In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...
How Cyberthreats Could Disrupt the Olympics
Introduction Cybersecurity experts are on high alert, as the 2024 Olympic Games continue over the coming weeks. Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. The convergence of global attention, vast amounts of sensitive data, and...
Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option
API Security Anywhere Self-Managed Option Imperva continues to deliver solutions that help customers protect their applications and APIs, whether in the Cloud, on-premises, or in a hybrid environment. Imperva API Security includes a SaaS-based and an on-premises solution, both managed in the...
Effortless certificate management with automated CNAME validation
Imperva customers who properly utilize the managed certificate feature can experience a robust, interruptions-free, and fully automated certificate management process that requires no effort for domain validations and renewals. In todays digital landscape, security is of paramount importance. One...
Imperva Customers Protected Against Critical ServiceNow Vulnerability
Introduction ServiceNow is a widely used platform for IT service management, and its security is paramount for businesses relying on it for their operations. Recently, a critical vulnerability was discovered that could potentially allow attackers to access all data within ServiceNow instances. Th...
On Entrust? Imperva has your back!
Managing SSL/TLS certificates is a critical yet complex task for any organization. Certificates ensure secure communication between users and your web applications, but maintaining them involves constant vigilance and expertise. From monitoring expiration dates to renewing and deploying new...
Unveiling the 2024 Imperva DDoS Threat Landscape Report
In the ever-changing landscape of cybersecurity, Distributed Denial of Service DDoS attacks continue to be a significant threat. To help organizations stay ahead, were excited to introduce the 2024 Imperva DDoS Threat Landscape Report. This comprehensive report offers a deep dive into DDoS attack...
Lessons Learned From Exposing Unusual XSS Vulnerabilities
Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best practices can be challenging. In this post, we’ll explore a few common mistakes developers make that lead to modern XSS Cross-Site Scripting...
New Mirai Botnet Variants Observed: How to Identify a Mirai-Style DDoS Attack
The Mirai Internet of Things IoT botnet, notorious for targeting connected household devices like cameras, alarm systems, and personal routers, continues evolving and poses significant cybersecurity threats. It has a history of executing massive DDoS attacks, including a major incident that...
Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF
In todays rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code IaC has emerged as a game-changer, enabling organizations to automate the provisioning and...
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack
The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know
As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...
Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats
Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London congratulations, Real Madrid! marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors a...
Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577
In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerability– identified as CVE-2024-4577 with an initial CVSS score of 9.8 – was discovered i...
Mitigate Http/2 continuations with Imperva WAF
As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its...
Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...
The Importance of Bot Management in Your Marketing Strategy
Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping...
Enhancing Security with AI: Revolutionizing Protection in the Digital Era
In the ever-evolving landscape of cybersecurity, the integration of Artificial Intelligence AI and Machine Learning ML has emerged as a transformative force. AI, with its ability to mimic human cognition and problem-solving capabilities, combined with MLs capacity to iteratively learn from data, ...
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
The CISO’s Top Priority: Elevating Data-Centric Security
The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers CISOs to improve data protection, compliance, an...
Taking Time to Understand NIS2 Reporting Requirements
The newest version of the European Union Network and Information Systems directive, or NIS2, came into force in January 2023. Member States have until October 2024 to transpose it into their national law. One of the most critical changes with NIS2 is the schedule for reporting a cybersecurity...
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
HTTP/2 CONTINUATION Flood Vulnerability
HTTP/2, a widely adopted web communication protocol, organizes data transmission through a binary framing layer, wherein all communication is divided into smaller messages called frames, each identified by a specific type, such as headers, data, and continuation frames. HTTP/2 HEADER frames...
Compromising Bank Customer Trust: The Price of Inadequate Data Protection
Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodia...
From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...