1017 matches found
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using various methods, including network vulnerabilities. Over the past few years, the botnet has...
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs
Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to the critical issues that organizations must tackle to ensure the robust securit...
Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0
On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning with the new framework. As cybercriminals become more sophisticated, efficient...
Why it Pays to Have a Comprehensive API Security Strategy
In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces APIs play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need for robust...
Navigating the Waters of Generative AI
Part I: The Good and the Bad of AI Few would argue that 2023 was the year AI, specifically generative AI Gen AI like ChatGPT, was discussed everywhere. In October, Forrester published a report about how security tools will leverage AI. The findings in that report showed that Gen AI would augment...
Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin
A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the sorting parameter due to insufficient input...
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting the business logic of APIs constituted 27% of attacks in 2023, a growth of 10%...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a CVSS score of 9.8, is an unauthenticated remote code execution vulnerability that...
Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake
Effective monitoring and anomaly detection within a data environment are crucial, particularly in todays data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical functions, including threat hunting, risk analysis, and trend detection. However...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate...
The New York Times vs. OpenAI: A Turning Point for Web Scraping?
In a recent blog, we covered the blurry lines of legality surrounding web scraping and how the advent of artificial intelligence AI and large language models LLMs further complicates the matter. Shortly after publishing the blog, a significant legal development began unfolding: The New York Times...
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, Ill walk you through my discovery of two cross-site scripting XSS vulnerabilities in ChatGPT and a few other vulnerabilities. When...
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery CSRF attacks. However, not all security measures are foolproof. In their quest to combat Cross-Si...
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication SNI-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post wil...
Imperva defends customers against CVE-2024-22024 in Ivanti products
Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its announcement on February 8,...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...
Do Any HTTP Clients Not Support SNI?
In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication SNI traffic. The goal of our research was to answer the following questions: How much non-SNI traffic is seen? What is the...
Improving Cybersecurity: Different Certifications Explained
In the ever-evolving landscape of cybersecurity, the choice of cryptographic algorithms and certificates plays a pivotal role in ensuring the confidentiality and integrity of sensitive information. While traditional methods such as the RSA public-key cryptosystem have been the cornerstone of secu...
Optimizing Data Lakes: Streamlining Storage with Effective Object Management
Data lakes are a popular solution for data storage, and for good reason. Data lakes are flexible and cost effective, as they allow multiple query engines and many object formats without the need to manage resources like disks, CPUs, and memory. In a data lake, data is simply stored in an object...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...
Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204
Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the...
Are You Ready for PCI DSS 4.0?
The Payment Card Industry Data Security Standard PCI DSS is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure payment card systems. In...
Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI
Python Package Index PyPI is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform’s repository aimed at delivering malware to steal the victims information, or more frequently, to...
HTTP/2 Rapid Reset Mitigation With Imperva WAF
In the modern application landscape, where businesses are constantly under the threat of cyber attacks, one of the most recent to emerge is HTTP/2 Rapid Reset CVE-2023-44487, a type of Distributed Denial-of-Service DDoS attack. This attack is larger than any previously reported application layer...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery SSRF by bypassing the program’s authentication. This...
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
Shifting from reCAPTCHA to hCaptcha
We are adding another CAPTCHA vendor and helping our customers migrate from Googles reCAPTCHA to hCaptcha. Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully evaluating several different CAPTCHA...
CVE-2023-50164: A Critical Vulnerability in Apache Struts
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, open-source framework that is used in the creation of...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both the apps blocklist and macOS Gatekeeper, potentially allowing the...
Imperva Detects Undocumented 8220 Gang Activities
Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...
Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?
Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...
2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges
The emergence of generative AI has put new resources in the hands of both attackers and defenders, and in 2024, Imperva believes the technology will have an even greater impact. Understanding how attackers are leveraging the technology will be critical for organizations seeking to keep...
Is Web Scraping Illegal? Depends on Who You Ask
Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business? The bar is getting blurrier by the day, and the introduction of...
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report
Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...
Imperva & Thales: Pioneering a New Era in Cybersecurity
Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the worlds leading organizations but has done so with incredibl...
Accelerating Cloud-Native Data Security Deployments at Scale with Imperva’s eDSF Kit
Todays evolving digital landscape and the rapid expansion of cloud technologies have necessitated a shift in the approach of deploying and managing data security across multiple platforms. Traditional methods of manual deployment of data activity monitoring, risk analytics, and threat detection...
Imperva Successfully Mitigates Record-Breaking DDoS Attack in Retail Industry
In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known for its diverse...
Five Takeaways from Black Friday & Cyber Monday Cyber Attacks
The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications. As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring how cybercriminals are...
Measures Healthcare Providers Can Take to Mitigate Disruptions
Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service DDoS attack was the cause of the online service outage. DD...
Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season
As the holiday season approaches, a palpable sense of joy and anticipation fills the air. Twinkling lights adorn homes, the aroma of freshly baked cookies wafts through the kitchen, and the sound of laughter and carolers melodies resonate on frosty evenings. Its a time when families come together...
Imperva Expands Global Network, Adds First PoP in Vietnam
We are delighted to announce our first Point of Presence PoP in Hanoi, Vietnam, expanding our global network with our 16th PoP located in the Asia Pacific & Japan APJ region. Alongside its rich culture and historic sites, Hanoi, the enchanting capital city of Vietnam, is a bustling business cente...
Navigating the Sea, Exploiting DigitalOcean APIs
Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and...
Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server
Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive...
New Secaucus Point of Presence Increases Resilience for Financial Services
We are thrilled to announce the opening of a new cutting-edge Point of Presence PoP in Secaucus, New Jersey, which adds resilience to our network infrastructure located in the Northeastern United States region. This PoP represents the first build using next generation technology designed to...
Why Bad Bots Are the Digital Demons of the Internet
In the dimly lit corners of the internet, where shadows flicker and eerie silences prevail, there lurks entities of malevolent intent. They are not the stuff of old wives tales or campfire ghost stories. We’re talking about bad bots, the digital bogeymen of the digital age. These nefarious beings...
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this...
The Haunted House of IoT: When Everyday Devices Turn Against You
In todays interconnected world, the Internet of Things IoT promises convenience and innovation. From smart fridges that tell you when youre out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to...
Analysis: A Ransomware Attack on a PostgreSQL Database
In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on the database for known users and weak...