Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover (ATO) attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack…
Tag: Blog
Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023
Imperva Data Security Fabric demonstrates robust security and risk management practices to reduce risks across hybrid multicloud environments The Forrester Wave™ evaluated the largest end-to-end providers of data security capabilities across a wide range of functionality to enable controls to…
Augmented Software Engineering in an AI Era
Artificial Intelligence (AI) has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the…
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions…
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB (EDB) GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric (DSF)…
Why Healthcare Cybercrime is the Perfect Storm
It’s Friday night. You, your husband, and your two children are settling in for a fun pizza and movie night together. Unexpectedly, your elderly neighbor, Anne, calls in a panic. Her husband Steve is having severe chest pains. While Anne…
Advanced Persistent Threat Groups Behind DDoS Attacks on Danish Hospitals
On Sunday 26 February the websites of several Danish hospitals were taken offline after being hit by Distributed Denial of Service (DDoS) attacks claimed by a group calling themselves ‘Anonymous Sudan’. According to reports on Twitter patient care was unaffected…
Imperva releases its Global DDoS Threat Landscape Report 2023
The 2023 Imperva Global DDoS Threat Landscape Report reviews DDoS attack activity throughout 2022, provides insights into the year’s most noteworthy DDoS events, and offers recommendations for the year ahead. While the report focuses mainly on research data from the…
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection…
Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector – What You Need to do Now
The increase in DDoS attacks on healthcare organizations in the US in the last 48 hours by the Pro-Russian hacktivist group Killnet has become a serious concern. These types of attacks are designed to overload a network or system with…
Why Attackers Target the Financial Services Industry
This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next months’ exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted ,…
Why Attackers Target the Financial Services Industry
This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next months’ exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted ,…
ManageEngine Vulnerability CVE-2022-47966
Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache Santuario…
Is the FSI innovation rush leaving your data and application security controls behind?
Fuelled by rising consumer expectations for innovative services and easy real-time access to financial products and information, financial services industries (FSI) and fintech organizations are racing to out-innovate each other and capture market share. The sizeable growth of investments into…
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen
The Imperva Red Team recently disclosed a vulnerability, dubbed CVE-2022-40764, affecting over 2.5 billion users of Google Chrome and Chromium-based browsers. This vulnerability allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials. Introduction Chrome…