Category: Blog

From ChatBot To SpyBot: ChatGPT Post Exploitation

In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, “XSS Marks…

Why it Pays to Have a Comprehensive API Security Strategy

In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need…

Learning from the LockBit Takedown

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Learning from the LockBit Takedown

Advocating for Inclusion in Tech

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Advocating for Inclusion in Tech

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate object relationships, and…

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and…

Hacking Microsoft and Wix with Keyboard Shortcuts

Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat…

The Added Value of SNI-Only Mode in Imperva Cloud WAF

Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for…

Do Any HTTP Clients Not Support SNI?

In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication (SNI) traffic.  The goal of our research was to answer the following…

The Web Scraping Problem: Part 1

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Web Scraping Problem: Part 1

Keep Your Tech FLAME Alive

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Keep Your Tech FLAME Alive

What Is API Detection and Response?

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: What Is API Detection and Response?

Are You Ready for PCI DSS 4.0?

The Payment Card Industry Data Security Standard (PCI DSS) is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure…

HTTP/2 Rapid Reset Mitigation With Imperva WAF

In the modern application landscape, where businesses are constantly under the threat of cyber attacks, one of the most recent to emerge is HTTP/2 Rapid Reset (CVE-2023-44487), a type of Distributed Denial-of-Service (DDoS) attack. This attack is larger than any…

Shifting from reCAPTCHA to hCaptcha

We are adding another CAPTCHA vendor and helping our customers migrate from Google’s reCAPTCHA to hCaptcha.  Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully…

The Do?s and Don?ts of Modern API Security

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Do?s and Don?ts of Modern API Security

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected.  Apache Struts is a popular, free, open-source framework…

What We’ve Learned from Media Cloud Adoption Trends

Read the top takeaways from a global survey of leaders in the media and entertainment industry about their cloud adoption experiences and challenges. This article has been indexed from Blog Read the original article: What We’ve Learned from Media Cloud…

Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux…