Lucene search

1023 matches found

Imperva Blog
added 2023/11/03 10:58 p.m. | 49 views

Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server

Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS | Exploits: 48
Imperva Blog
added 2023/11/02 12:50 p.m. | 27 views

New Secaucus Point of Presence Increases Resilience for Financial Services

We are thrilled to announce the opening of a new cutting-edge Point of Presence (PoP) in Secaucus, New Jersey, which adds resilience to our network infrastructure located in the Northeastern United States region. This PoP represents the first build using next generation technology designed to...

7 AI score | Exploits: 0
Imperva Blog
added 2023/10/31 12:7 p.m. | 21 views

Why Bad Bots Are the Digital Demons of the Internet

In the dimly lit corners of the internet, where shadows flicker and eerie silences prevail, there lurk entities of malevolent intent. They are not the stuff of old wives' tales or campfire ghost stories. We’re talking about bad bots, the digital bogeymen of the digital age. These nefarious beings...

7.6 AI score | Exploits: 0
Imperva Blog
added 2023/10/27 2:45 p.m. | 48 views

Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability

Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this...

7.5 CVSS | 7.1 AI score | 0.96515 EPSS | Exploits: 17
Imperva Blog
added 2023/10/26 11:2 a.m. | 33 views

The Haunted House of IoT: When Everyday Devices Turn Against You

In today's interconnected world, the Internet of Things (IoT) promises convenience and innovation. From smart fridges that tell you when you're out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to...

7.2 AI score | Exploits: 0
Imperva Blog
added 2023/10/24 1:5 p.m. | 26 views

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on the database for known users and weak...

6.8 AI score | Exploits: 0
Imperva Blog
added 2023/10/19 12:54 p.m. | 16 views

Database Ransomware: From Attack to Recovery

Introduction: In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s data and then demands a...

6.8 AI score | Exploits: 0
Imperva Blog
added 2023/10/16 11:30 p.m. | 16 views

Breaking the Chain of Data Access: The Importance of Separating Human and Application Users

Data, the lifeblood of any organization, relies on the database as its beating heart. As a result, businesses invest heavily in designing and monitoring all access to it. In traditional literature, there are two types of users: administrative users, who manage the entire lifecycle of a database...

7 AI score | Exploits: 0
Imperva Blog
added 2023/10/13 8:8 p.m. | 172 views

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover). Imperva DSF is purpose-built for data...

6.6 AI score | Exploits: 0
Imperva Blog
added 2023/10/12 6:44 p.m. | 25 views

DDoS Attacks Leveraged by Attackers in Israel Conflict

Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and deface sites to promote propaganda. The...

6.6 AI score | Exploits: 0
Imperva Blog
added 2023/10/11 10:46 p.m. | 175 views

Recent Vulnerabilities in Popular Applications Blocked by Imperva

Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution,...

7.5 CVSS | 10.6 AI score | 0.99979 EPSS | Exploits: 95
Imperva Blog
added 2023/10/11 10:29 p.m. | 70 views

Atlassian CVE-2023-22515 Blocked by Imperva

Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator...

7.5 CVSS | 7.3 AI score | 0.99156 EPSS | Exploits: 39
Imperva Blog
added 2023/10/11 3:20 p.m. | 19 views

Why Cool Dashboards Don’t Equal Effective Security Analytics

Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in today's cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they don't know how to make sense of it. To add...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/10/10 12:24 p.m. | 122 views

Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487

Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confir...

5 CVSS | 8.4 AI score | 0.99999 EPSS | Exploits: 19
Imperva Blog
added 2023/10/09 4:31 p.m. | 33 views

How to Protect Against Data Lake Hacking

Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...

7.3 AI score | Exploits: 0
Imperva Blog
added 2023/09/19 1:14 p.m. | 23 views

Elevate Your Cybersecurity with Imperva Cloud WAF: More Than Just a Checkbox

In the world of digital modernization, having a web application firewall (WAF) isn't an option - it's a necessity. But in the endless sea of security solutions, how do you choose the right one? How do you ensure that you're not merely checking a box, but genuinely fortifying your digital fortress? Whi...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/09/13 1:0 p.m. | 10 views

The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code

In the fast-paced world of web development, staying ahead of the curve is paramount, as developers are frequently under pressure to deliver products and functionalities quickly and efficiently. To meet accelerated timelines, they often leverage third-party scripts and open-source libraries,...

7 AI score | Exploits: 0
Imperva Blog
added 2023/09/11 10:47 p.m. | 13 views

How to Predict Customer Churn Using SQL Pattern Detection

Introduction to SQL's MATCH_RECOGNIZE Clause: SQL is a great way to perform analysis on your data. It is very common and supported by many database engines including big data solutions. SQL is used in many cases to analyze data in our data lake. However, when it comes to pattern detection, SQL...

7.3 AI score | Exploits: 0
Imperva Blog
added 2023/09/05 10:10 p.m. | 28 views

GraphQL Vulnerabilities and Common Attacks: What You Need to Know

GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usage comes the potential for security vulnerabilities and attacks. In this blog post, we will descri...

8.5 AI score | Exploits: 0
Imperva Blog
added 2023/08/28 8:19 p.m. | 19 views

Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory

Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...

6.7 AI score | Exploits: 0
Imperva Blog
added 2023/08/24 2:25 p.m. | 33 views

How to Secure All Your APIs Through Multiple Deployment Options

Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. What makes Imperva API Security unique ...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/08/16 3:33 a.m. | 22 views

Applying Data Ontology Concepts to Protect Data

Data breaches continue to be the thorn for most organizations despite the sophisticated and innovative cybersecurity tools that are used to stop what is now the inevitable cost of doing business in a hyperconnected world. In this blog post, I’ll explain how organizations can increase the...

6.8 AI score | Exploits: 0
Imperva Blog
added 2023/08/07 12:57 p.m. | 13 views

Behind the Scenes of a Tailor-Made Massive Phishing Campaign

A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim to, a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all over the world – including well-know...

6.5 AI score | Exploits: 0
Imperva Blog
added 2023/07/31 6:58 p.m. | 10 views

How Generative AI Will Transform Cybersecurity

One of the most promising developments in the fight against cybersecurity threats is the use of artificial intelligence (AI). This cutting-edge technology has the potential to revolutionize the way organizations manage cyberthreats, offering unprecedented levels of protection and adaptability. AI i...

7.1 AI score | Exploits: 0
Imperva Blog
added 2023/07/23 9:46 a.m. | 57 views

CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva

On July 20, CISA warned about the exploitation of an unauthenticated remote code execution vulnerability affecting NetScaler formerly Citrix Application Delivery Controller and NetScaler Gateway. Attackers first exploited this vulnerability in June, when unidentified hackers used this as a zero-d...

7.5 CVSS | 8.1 AI score | 0.99445 EPSS | Exploits: 16
Imperva Blog
added 2023/07/23 1:11 a.m. | 48 views

Adobe ColdFusion vulnerabilities mitigated by Imperva

Several vulnerabilities in Adobe ColdFusion have been discovered recently, tracked as CVE-2023-29300, CVE-2023-38205, and CVE-2023-29298. These vulnerabilities, which can be exploited to allow arbitrary code execution and bypass access controls, affect several ColdFusion versions since 2016...

7.5 CVSS | 8.1 AI score | 0.99984 EPSS | Exploits: 0
Imperva Blog
added 2023/07/11 1:15 p.m. | 29 views

The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks (BLAs). Unlike known attacks, which can be identified by signatures or patterns, such ...

8.5 AI score | Exploits: 0
Imperva Blog
added 2023/07/10 3:50 p.m. | 132 views

New MOVEit vulnerability CVE-2023-36934 blocked by Imperva

On July 5, Progress Software released a security advisory for a new critical vulnerability in the MOVEit Transfer software, CVE-2023-36934. With a critical score of 9.1, this bug is a SQL injection vulnerability in the MOVEit Transfer web application with the potential to allow unauthorized acces...

7.5 CVSS | 10 AI score | 0.99934 EPSS | Exploits: 15
Imperva Blog
added 2023/07/10 3:27 p.m. | 17 views

Imperva Offers New Features to Simplify PCI DSS Compliance

The Silent Threat of Client-Side Attacks: As more transactions move online, a silent threat is lurking in the deepest, darkest shadows of websites, threatening to steal your sensitive data. This rapidly evolving threat, known as client-side attacks such as Magecart, formjacking, and online skimmin...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/06/27 11:21 a.m. | 24 views

Understanding Business Logic Abuse and Its Detection Challenges

Digital modernization and automation have been on a rapid trajectory for the last 5 years and were thrust forward at an even faster pace when the COVID-19 pandemic and subsequent lockdown period took hold in 2020. For businesses and consumers alike this acceleration of advanced technology...

7.6 AI score | Exploits: 0
Imperva Blog
added 2023/06/23 3:13 p.m. | 28 views

Business Logic Attacks: Why Should You Care?

Imagine this: You've just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You're feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your...

7.2 AI score | Exploits: 0
Imperva Blog
added 2023/06/20 11:53 p.m. | 16 views

Unraveling an AI Scam with AI

The last year has seen an unprecedented surge in the use of Artificial Intelligence (AI) and its deployment across a variety of industries and sectors. Unfortunately, this revolutionary technology has not just captivated the good actors – the darker corners of the internet are awash with bad actors...

10 AI score | Exploits: 0
Imperva Blog
added 2023/06/20 2:13 p.m. | 20 views

Overcoming Challenges in Delivering Machine Learning Models from Research to Production

So, you’ve finished your research. You developed a machine learning (ML) model, tested, and validated it and you’re now ready to start development, and then push the model to production. The hard work -- the research -- is finally behind you. Or is it? Understanding the Challenges in Machine Learni...

7.9 AI score | Exploits: 0
Imperva Blog
added 2023/06/20 6:2 a.m. | 16 views

Understanding and Mitigating the MOVEit Incidents

Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed...

7.9 AI score | Exploits: 0
Imperva Blog
added 2023/06/15 7:13 p.m. | 26 views

Anonymous Sudan, MOVEit, and Cl0p

There are three concurrent events of significant concern: 1. An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/06/15 6:21 p.m. | 23 views

In Healthcare Organizations, Data Security Risks Persist Despite HIPAA Compliance

In a recent blog post, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations today. This storm is escalating in size, force, and risk levels. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting this dat...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/06/14 12:53 p.m. | 12 views

How Ticket Scalping Impacts Asia’s Live Entertainment Industry

Asia’s booming live entertainment industry has recently been plagued by a growing problem of ticket scalping. The term refers to the act of purchasing live event tickets in bulk by individuals, often through the use of automation (aka bots), to later resell them at exorbitant prices. The issue isn’...

7 AI score | Exploits: 0
Imperva Blog
added 2023/06/06 3:55 p.m. | 55 views

CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information

MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting...

7.5 CVSS | 8.7 AI score | 0.99934 EPSS | Exploits: 15
Imperva Blog
added 2023/05/30 11:47 a.m. | 80 views

Why Attackers Target the Gaming Industry

Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer online multiplayer games or real-time...

9.3 CVSS | 10 AI score | 0.99999 EPSS | Exploits: 349
Imperva Blog
added 2023/05/17 12:55 p.m. | 30 views

Preventing Bot Attacks and Online Fraud on APIs

The rapid proliferation of Application Programming Interfaces (APIs) is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an API. By supporting swift development and...

7.8 AI score | Exploits: 0
Imperva Blog
added 2023/05/10 11:59 a.m. | 18 views

What We Learned from the 2023 Imperva Bad Bot Report

The 2023 Imperva Bad Bot Report is now available. The 10th edition of the annual report takes a deep dive into the latest bad bot statistics and trends from the past year, providing meaningful information and guidance about the nature and impact of bots. Understanding the risks of unmanaged bot...

7.1 AI score | Exploits: 0
Imperva Blog
added 2023/05/09 2:47 p.m. | 55 views

Why Attackers Target the Government Industry

Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution (RCE)...

9.3 CVSS | 10.1 AI score | 0.99999 EPSS | Exploits: 359
Imperva Blog
added 2023/05/08 12:24 p.m. | 18 views

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

In the first blog post, we introduced you to the Nike Shoe Bot (NSB), one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bot's source code, and determine what...

6.9 AI score | Exploits: 0
Imperva Blog
added 2023/05/04 1:19 p.m. | 53 views

CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks

On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP protocol? Service Location Protocol (SLP) is a network protocol designed to simplify th...

5 CVSS | 7.4 AI score | 0.65873 EPSS | Exploits: 1
Imperva Blog
added 2023/05/03 12:0 p.m. | 26 views

Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information

TL;DR: The Imperva Red Team discovered a vulnerability in TikTok, a popular social media platform with more than one billion users worldwide, that could allow attackers to monitor users' activity on both mobile and desktop devices. This vulnerability, which has now been fixed, was caused by a windo...

6.7 AI score | Exploits: 0
Imperva Blog
added 2023/05/03 4:58 a.m. | 27 views

With Imperva’s DRA and ServiceNow, you can avoid burning out your cyber security employees

In today's world, CIOs and CISOs are facing a tough reality when it comes to the security staff shortage situation. With the deflating economy, nationalism, cybercrime, and nation-led adversaries, the demand for security personnel has increased, making it challenging for organizations to find and...

6.7 AI score | Exploits: 0
Imperva Blog
added 2023/05/01 6:45 p.m. | 25 views

Imperva Continues to Innovate With New Features for Online Fraud Prevention

Last year, Imperva embarked on a mission to help organizations combat the growing threat of digital fraud. We introduced a new solution and a range of innovative features to help detect and prevent online fraud at its earliest stages. Imperva Online Fraud Prevention stops fraud ranging from...

6.7 AI score | Exploits: 0
Imperva Blog
added 2023/04/27 5:10 p.m. | 24 views

Imperva® and Fortanix Partner to Protect Confidential Customer Data

Imperva Data Security Fabric and Fortanix Data Security Manager combine to provide end-to-end data security. Imperva, Inc., @Imperva the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. @Fortanix, the Data Security company powered by...

6.3 AI score | Exploits: 0
Imperva Blog
added 2023/04/26 1:14 p.m. | 25 views

The Anatomy of a Scalping Bot: NSB Was Copped!

In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot (NSB) scalping bot, one of the most dangerous scalping bots around. We will take a closer look at the components of NSB, how we...

6.6 AI score | Exploits: 0
Imperva Blog
added 2023/04/25 1:4 p.m. | 26 views

Imperva Unveils Latest API Security Enhancements

Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering with the goal of simplifying the...

7.2 AI score | Exploits: 0
Total number of security vulnerabilities: 1023