Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business?…
Category: Blog
2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges
The emergence of generative AI has put new resources in the hands of both attackers and defenders, and in 2024, Imperva believes the technology will have an even greater impact. Understanding how attackers are leveraging the technology will be critical…
Monolith Versus Microservices: Weigh the Pros and Cons of Both Configs
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report
Imperva named an Overall Leader We’re thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market…
Healthcare Trends in 2024: Challenges and Opportunities
Akamai Account Protector’s New Protection Against Account Opening Abuse
Imperva & Thales: Pioneering a New Era in Cybersecurity
Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the world’s leading organizations but…
Accelerating Cloud-Native Data Security Deployments at Scale with Imperva’s eDSF Kit
Today’s evolving digital landscape and the rapid expansion of cloud technologies have necessitated a shift in the approach of deploying and managing data security across multiple platforms. Traditional methods of manual deployment of data activity monitoring, risk analytics, and threat…
Imperva Successfully Mitigates Record-Breaking DDoS Attack in Retail Industry
In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known…
Say Goodbye to Monolithic EdgeWorkers: Introducing Flexible Composition (Part 1)
Five Takeaways from Black Friday & Cyber Monday Cyber Attacks
The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications. As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring…
Defeat Web Shell WSO-NG
Measures Healthcare Providers Can Take to Mitigate Disruptions
Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service…
InfectedSlurs Botnet Spreads Mirai via Zero-Days
Akamai EdgeWorkers and Uniform: Personalize Web Pages at Scale Without Flicker
Improve User Experience with Parallel Execution of HTTP/2 Multiplexed Requests
Akamai’s Perspective on November’s Patch Tuesday 2023
What Else Can You Do to Defend Against Bots?
API Security in a Zero Trust World
Beyond Vulnerabilities: Why API Abuse Is a Critical Challenge
REST API Security Best Practices
What Does XDR Have to Do with API Security?
Support Telecom Providers on the Journey from Telco to Techco
Virtually Patch Vulnerabilities with Microsegmentation and Akamai Hunt
6 Strategies to Combat Advanced Persistent Threats
Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season
As the holiday season approaches, a palpable sense of joy and anticipation fills the air. Twinkling lights adorn homes, the aroma of freshly baked cookies wafts through the kitchen, and the sound of laughter and carolers’ melodies resonate on frosty…
Navigating the Sea, Exploiting DigitalOcean APIs
Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and often catering…
Imperva Expands Global Network, Adds First PoP in Vietnam
We are delighted to announce our first Point of Presence (PoP) in Hanoi, Vietnam, expanding our global network with our 16th PoP located in the Asia Pacific & Japan (APJ) region. Alongside its rich culture and historic sites, Hanoi, the…
New Secaucus Point of Presence Increases Resilience for Financial Services
We are thrilled to announce the opening of a new cutting-edge Point of Presence (PoP) in Secaucus, New Jersey, which adds resilience to our network infrastructure located in the Northeastern United States region. This PoP represents the first build using…
Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server
Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive information and systems.…
The Hidden Costs of Outsourcing Healthcare Revenue Cycle Management
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this situation, and…
Protecting Small and Medium-Sized Businesses from Cyberthreats
Expert Cybersecurity Awareness: Test Your Attack Knowledge
Hey, security experts: Can you recognize an attack from the code alone? Test your attack knowledge skills with this quick quiz.
How to Defend Against Account Opening Abuse
The Haunted House of IoT: When Everyday Devices Turn Against You
In today’s interconnected world, the Internet of Things (IoT) promises convenience and innovation. From smart fridges that tell you when you’re out of milk to connected light bulbs that adjust to your mood, the future seems to be right at…
Analysis: A Ransomware Attack on a PostgreSQL Database
In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on…
Database Ransomware: From Attack to Recovery
Introduction In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s…
Breaking the Chain of Data Access: The Importance of Separating Human and Application Users
Data, the lifeblood of any organization, relies on the database as its beating heart. As a result, businesses invest heavily in designing and monitoring all access to it. In traditional literature, there are two types of users: administrative users, who…
How to use DSF Collections & Index Patterns – A Tutorial
In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover). Imperva DSF is purpose-built for data protection, audit,…
DDoS Attacks Leveraged by Attackers in Israel Conflict
Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and…
Atlassian CVE-2023-22515 Blocked by Imperva
Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator accounts and gain…
Recent Vulnerabilities in Popular Applications Blocked by Imperva
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution, bypass access controls, and escalate privileges,…
Why Cool Dashboards Don’t Equal Effective Security Analytics
Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in today’s cybersecurity landscape. Security professionals are inundated with a flood of data,…
Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there…
Elevate Your Cybersecurity with Imperva Cloud WAF: More Than Just a Checkbox
In the world of digital modernization, having a web application firewall (WAF) isn’t an option – it’s a necessity. But in the endless sea of security solutions, how do you choose the right one? How do you ensure that you’re…
The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code
In the fast-paced world of web development, staying ahead of the curve is paramount, as developers are frequently under pressure to deliver products and functionalities quickly and efficiently. To meet accelerated timelines, they often leverage third-party scripts and open-source libraries,…
How to Predict Customer Churn Using SQL Pattern Detection
Introduction to SQL’s MATCH_RECOGNIZE Clause SQL is a great way to perform analysis on your data. It is very common and supported by many database engines including big data solutions. SQL is used in many cases to analyze data in…
GraphQL Vulnerabilities and Common Attacks: What You Need to Know
GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usage comes the potential for security vulnerabilities and…
Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the…
How to Secure All Your APIs Through Multiple Deployment Options
Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. …
Applying Data Ontology Concepts to Protect Data
Data breaches continue to be the thorn for most organizations despite the sophisticated and innovative cybersecurity tools that are used to stop what is now the inevitable cost of doing business in a hyperconnected world. In this blog post, I’ll…
Behind the Scenes of a Tailor-Made Massive Phishing Campaign
A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim to, a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all…
How Generative AI Will Transform Cybersecurity
One of the most promising developments in the fight against cybersecurity threats is the use of artificial intelligence (AI). This cutting-edge technology has the potential to revolutionize the way organizations manage cyberthreats, offering unprecedented levels of protection and adaptability. AI…
CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva
On July 20, CISA warned about the exploitation of an unauthenticated remote code execution vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller and NetScaler Gateway. Attackers first exploited this vulnerability in June, when unidentified hackers used this as a zero-day…
Adobe ColdFusion vulnerabilities mitigated by Imperva
Several vulnerabilities in Adobe ColdFusion have been discovered recently, tracked as CVE-2023-29300, CVE-2023-38205, and CVE-2023-29298. These vulnerabilities, which can be exploited to allow arbitrary code execution and bypass access controls, affect several ColdFusion versions since 2016. Imperva has seen over…
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks (BLAs). Unlike known attacks, which can be…
Imperva Offers New Features to Simplify PCI DSS Compliance
The Silent Threat of Client-Side Attacks As more transactions move online, a silent threat is lurking in the deepest, darkest shadows of websites, threatening to steal your sensitive data. This rapidly evolving threat, known as client-side attacks such as Magecart,…
New MOVEit vulnerability CVE-2023-36934 blocked by Imperva
On July 5, Progress Software released a security advisory for a new critical vulnerability in the MOVEit Transfer software, CVE-2023-36934. With a critical score of 9.1, this bug is a SQL injection vulnerability in the MOVEit Transfer web application with…
Understanding Business Logic Abuse and Its Detection Challenges
Digital modernization and automation have been on a rapid trajectory for the last 5 years and were thrust forward at an even faster pace when the COVID-19 pandemic and subsequent lockdown period took hold in 2020. For businesses and consumers…
Business Logic Attacks: Why Should You Care?
Imagine this: You’ve just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You’re feeling safe and secure, congratulating yourself on a job well done. But, despite…
Overcoming Challenges in Delivering Machine Learning Models from Research to Production
So, you’ve finished your research. You developed a machine learning (ML) model, tested, and validated it and you’re now ready to start development, and then push the model to production. The hard work — the research — is finally behind…
Unraveling an AI Scam with AI
The last year has seen an unprecedented surge in the use of Artificial Intelligence (AI) and its deployment across a variety of industries and sectors. Unfortunately, this revolutionary technology has not just captivated the good actors; the darker corners of…
Understanding and Mitigating the MOVEit Incidents
Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed worldwide.…
In Healthcare Organizations, Data Security Risks Persist Despite HIPAA Compliance
In a recent blog post, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations today. This storm is escalating in size, force, and risk levels. The Health Insurance Portability and Accountability Act (HIPAA) sets the…
Anonymous Sudan, MOVEit, and Cl0p
There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking…
How Ticket Scalping Impacts Asia’s Live Entertainment Industry
Asia’s booming live entertainment industry has recently been plagued by a growing problem of ticket scalping. The term refers to the act of purchasing live event tickets in bulk by individuals, often through the use of automation (aka bots), to…
CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information
MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023,…
Why Attackers Target the Gaming Industry
Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer…
Preventing Bot Attacks and Online Fraud on APIs
The rapid proliferation of Application Programming Interfaces (APIs) is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an…
Why Attackers Target the Government Industry
Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in…
A Decade of Fighting Bad Bots: Key Learnings from the 2023 Imperva Bad Bot Report
The 2023 Imperva Bad Bot Report is now available. The 10th edition of the annual report takes a deep dive into the latest bad bot statistics and trends from the past year, providing meaningful information and guidance about the nature…
The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection
In the first blog post, we introduced you to the Nike Shoe Bot (NSB), one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post,…
CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks
On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP protocol? Service Location Protocol (SLP) is a network…
Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information
TL;DR The Imperva Red Team discovered a vulnerability in TikTok, a popular social media platform with more than one billion users worldwide, that could allow attackers to monitor users’ activity on both mobile and desktop devices. This vulnerability, which has…
With Imperva’s DRA and ServiceNow, you can avoid burning out your cyber security employees
In today’s world, CIOs and CISOs are facing a tough reality when it comes to the security staff shortage situation. With the deflating economy, nationalism, cybercrime, and nation-led adversaries, the demand for security personnel has increased, making it challenging for…
Imperva Continues to Innovate With New Features for Online Fraud Prevention
Last year, Imperva embarked on a mission to help organizations combat the growing threat of digital fraud. We introduced a new solution and a range of innovative features to help detect and prevent online fraud at its earliest stages. Imperva…
Imperva® and Fortanix Partner to Protect Confidential Customer Data
Imperva Data Security Fabric and Fortanix Data Security Manager combine to provide end-to-end data security. Imperva, Inc., (@Imperva) the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. (@Fortanix), the Data Security company powered…
The Anatomy of a Scalping Bot: NSB Was Copped!
In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot (NSB) scalping bot, one of the most dangerous scalping bots around.…
Imperva Unveils Latest API Security Enhancements
Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering…
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management
Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business…
Imperva is an Overall Leader in the 2023 KuppingerCole Leadership Compass Data Security Platforms Report
Imperva is a leader in every category – Market, Innovation, and Product Imperva, Inc., (@Imperva) the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, is an Overall Leader in the 2023 KuppingerCole Leadership Compass for Data…
New Imperva Office & Customer Experience Centre Aims to Meet the Needs of Customers In Singapore & Across Asia Pacific and Japan
Since 2009, Imperva has proudly maintained offices in various countries across the Asia Pacific and Japan (APJ) region. As the company experiences momentum in this region, we continue to invest in expanding our presence to better support our valued customers,…
CVE-2023-26360 – Adobe ColdFusion Arbitrary Code Execution
On March 14, 2023, Adobe released a security advisory affecting Adobe ColdFusion versions 2021 and 2018. The vulnerability was categorized as improper access control, potentially resulting in arbitrary code execution. The exploitation of this issue does not require user interaction. No PoC…
Two-Week ATO Attack Mitigated by Imperva
Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover (ATO) attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack…
Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023
Imperva Data Security Fabric demonstrates robust security and risk management practices to reduce risks across hybrid multicloud environments The Forrester Wave™ evaluated the largest end-to-end providers of data security capabilities across a wide range of functionality to enable controls to…
Augmented Software Engineering in an AI Era
Artificial Intelligence (AI) has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the…
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions…
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB (EDB) GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric (DSF)…
Why Healthcare Cybercrime is the Perfect Storm
It’s Friday night. You, your husband, and your two children are settling in for a fun pizza and movie night together. Unexpectedly, your elderly neighbor, Anne, calls in a panic. Her husband Steve is having severe chest pains. While Anne…
Advanced Persistent Threat Groups Behind DDoS Attacks on Danish Hospitals
On Sunday 26 February the websites of several Danish hospitals were taken offline after being hit by Distributed Denial of Service (DDoS) attacks claimed by a group calling themselves ‘Anonymous Sudan’. According to reports on Twitter patient care was unaffected…
Imperva releases its Global DDoS Threat Landscape Report 2023
The 2023 Imperva Global DDoS Threat Landscape Report reviews DDoS attack activity throughout 2022, provides insights into the year’s most noteworthy DDoS events, and offers recommendations for the year ahead. While the report focuses mainly on research data from the…
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection…
Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector – What You Need to do Now
The increase in DDoS attacks on healthcare organizations in the US in the last 48 hours by the Pro-Russian hacktivist group Killnet has become a serious concern. These types of attacks are designed to overload a network or system with…
Why Attackers Target the Financial Services Industry
This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next month’s exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted,…
ManageEngine Vulnerability CVE-2022-47966
Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache Santuario…
Is the FSI innovation rush leaving your data and application security controls behind?
Fuelled by rising consumer expectations for innovative services and easy real-time access to financial products and information, financial services industries (FSI) and fintech organizations are racing to out-innovate each other and capture market share. The sizeable growth of investments into…
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen
The Imperva Red Team recently disclosed a vulnerability, dubbed CVE-2022-40764, affecting over 2.5 billion users of Google Chrome and Chromium-based browsers. This vulnerability allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials. Introduction Chrome…