Category: Blog

Is Web Scraping Illegal? Depends on Who You Ask

Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business?…

Imperva & Thales: Pioneering a New Era in Cybersecurity

Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the world’s leading organizations but…

Five Takeaways from Black Friday & Cyber Monday Cyber Attacks

The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications.  As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring…

Defeat Web Shell WSO-NG

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Defeat Web Shell WSO-NG

Measures Healthcare Providers Can Take to Mitigate Disruptions

Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service…

What Else Can You Do to Defend Against Bots?

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: What Else Can You Do to Defend Against Bots?

API Security in a Zero Trust World

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: API Security in a Zero Trust World

REST API Security Best Practices

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: REST API Security Best Practices

What Does XDR Have to Do with API Security?

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: What Does XDR Have to Do with API Security?

Navigating the Sea, Exploiting DigitalOcean APIs

Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and often catering…

How to Defend Against Account Opening Abuse

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: How to Defend Against Account Opening Abuse

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab.  In general, the attack flow contained: A brute force attack on…

Database Ransomware: From Attack to Recovery

Introduction In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface.  Ransomware is a type of attack in which the attacker locks and encrypts a victim’s…

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover). Imperva DSF is purpose-built for data protection, audit,…

DDoS Attacks Leveraged by Attackers in Israel Conflict

Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and…

Atlassian CVE-2023-22515 Blocked by Imperva

Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator accounts and gain…

Recent Vulnerabilities in Popular Applications Blocked by Imperva

Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution, bypass access controls, and escalate privileges,…

Data Lake Hacking

Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there…

Applying Data Ontology Concepts to Protect Data

Data breaches continue to be the thorn for most organizations despite the sophisticated and innovative cybersecurity tools that are used to stop what is now the inevitable cost of doing business in a hyperconnected world. In this blog post, I’ll…

How Generative AI Will Transform Cybersecurity

One of the most promising developments in the fight against cybersecurity threats is the use of artificial intelligence (AI). This cutting-edge technology has the potential to revolutionize the way organizations manage cyberthreats, offering unprecedented levels of protection and adaptability. AI…

CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva

On July 20, CISA warned about the exploitation of an unauthenticated remote code execution vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller and NetScaler Gateway. Attackers first exploited this vulnerability in June, when unidentified hackers used this as a zero-day…

Adobe ColdFusion vulnerabilities mitigated by Imperva

Several vulnerabilities in Adobe ColdFusion have been discovered recently, tracked as CVE-2023-29300, CVE-2023-38205, and CVE-2023-29298. These vulnerabilities, which can be exploited to allow arbitrary code execution and bypass access controls, affect several ColdFusion versions since 2016.  Imperva has seen over…

Imperva Offers New Features to Simplify PCI DSS Compliance

The Silent Threat of Client-Side Attacks As more transactions move online, a silent threat is lurking in the deepest, darkest shadows of websites, threatening to steal your sensitive data. This rapidly evolving threat, known as client-side attacks such as Magecart,…

Business Logic Attacks: Why Should You Care?

Imagine this: You’ve just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You’re feeling safe and secure, congratulating yourself on a job well done. But, despite…

Unraveling an AI Scam with AI

The last year has seen an unprecedented surge in the use of Artificial Intelligence (AI) and its deployment across a variety of industries and sectors. Unfortunately, this revolutionary technology has not just captivated the good actors– the darker corners of…

Understanding and Mitigating the MOVEit Incidents

Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed worldwide.…

Anonymous Sudan, MOVEit, and Cl0p

There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking…

Why Attackers Target the Gaming Industry

Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer…

Preventing Bot Attacks and Online Fraud on APIs

The rapid proliferation of Application Programming Interfaces (APIs) is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an…

Why Attackers Target the Government Industry

Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in…

The Anatomy of a Scalping Bot: NSB Was Copped!

In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot (NSB) scalping bot, one of the most dangerous scalping bots around.…

Imperva Unveils Latest API Security Enhancements

Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering…

CVE-2023-26360 – Adobe ColdFusion Arbitrary Code Execution

On March 14, 2023, Adobe released a security advisory affecting Adobe ColdFusion versions 2021 and 2018. The vulnerability was categorized as improper access control, potentially resulting in arbitrary code execution. The exploitation of this issue does not require user interaction.  No PoC…

Two-Week ATO Attack Mitigated by Imperva

Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover (ATO) attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack…

Augmented Software Engineering in an AI Era

Artificial Intelligence (AI) has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the…

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB (EDB) GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric (DSF)…

Why Healthcare Cybercrime is the Perfect Storm

It’s Friday night. You, your husband, and your two children are settling in for a fun pizza and movie night together.  Unexpectedly, your elderly neighbor, Anne, calls in a panic. Her husband Steve is having severe chest pains. While Anne…

Why Attackers Target the Financial Services Industry

This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next months’ exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted ,…

Why Attackers Target the Financial Services Industry

This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next months’ exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted ,…

ManageEngine Vulnerability CVE-2022-47966

Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache Santuario…