Tag: Blog

Why it Pays to Have a Comprehensive API Security Strategy

In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need…

Learning from the LockBit Takedown

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Learning from the LockBit Takedown

Advocating for Inclusion in Tech

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Advocating for Inclusion in Tech

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate object relationships, and…

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and…

Hacking Microsoft and Wix with Keyboard Shortcuts

Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat…

The Added Value of SNI-Only Mode in Imperva Cloud WAF

Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for…

Do Any HTTP Clients Not Support SNI?

In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication (SNI) traffic.  The goal of our research was to answer the following…

The Web Scraping Problem: Part 1

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Web Scraping Problem: Part 1

Keep Your Tech FLAME Alive

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Keep Your Tech FLAME Alive

What Is API Detection and Response?

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: What Is API Detection and Response?

Are You Ready for PCI DSS 4.0?

The Payment Card Industry Data Security Standard (PCI DSS) is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure…

HTTP/2 Rapid Reset Mitigation With Imperva WAF

In the modern application landscape, where businesses are constantly under the threat of cyber attacks, one of the most recent to emerge is HTTP/2 Rapid Reset (CVE-2023-44487), a type of Distributed Denial-of-Service (DDoS) attack. This attack is larger than any…

Shifting from reCAPTCHA to hCaptcha

We are adding another CAPTCHA vendor and helping our customers migrate from Google’s reCAPTCHA to hCaptcha.  Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully…

The Do?s and Don?ts of Modern API Security

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Do?s and Don?ts of Modern API Security

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected.  Apache Struts is a popular, free, open-source framework…

What We’ve Learned from Media Cloud Adoption Trends

Read the top takeaways from a global survey of leaders in the media and entertainment industry about their cloud adoption experiences and challenges. This article has been indexed from Blog Read the original article: What We’ve Learned from Media Cloud…

Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux…

Is Web Scraping Illegal? Depends on Who You Ask

Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business?…

Imperva & Thales: Pioneering a New Era in Cybersecurity

Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the world’s leading organizations but…

Five Takeaways from Black Friday & Cyber Monday Cyber Attacks

The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications.  As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring…

Defeat Web Shell WSO-NG

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Defeat Web Shell WSO-NG

Measures Healthcare Providers Can Take to Mitigate Disruptions

Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service…