Written by Shiran Bareli
Over the last few days, Imperva researchers have monitored the emergence of a new botnet, one whose primary activity is performing different DDoS attacks and mining cryptocurrency. It also acts as a worm trying to extend its reach by scanning specific subnets and ports and using different remote code execution (CVE) vulnerabilities in an effort to infect them.
This particular botnet attack is unique given its rapid exploitation of the latest web vulnerabilities as a way to extend its reach and size.
The first recorded attack attempt took place on January 8. …
Written by Johnathan Azaria
Imperva’s Data Scientists trained a machine-learning model to auto-configure DDoS security policies and this blog shares some of the lessons learned along the way.
Data scientists consider labeled data the gold standard and, despite having to filter out anomalies, there is an overall tendency to trust it. In training a supervised machine learning model that auto-configures security policies and working closely with the experts the model was imitating, we learned many lessons about the many biases contained in man-made labels, and how to account for them.
The problem statement was to auto-create security policies for network…
Written by Johnathan Azaria
Much has changed since we first started providing protection against DDoS attacks. Attacks which were once considered huge are now mitigated on a daily basis, attackers are becoming more sophisticated by the day, and mitigation takes a matter of seconds, as opposed to minutes, to kick in. But one thing that still remains unchanged is the manual process required to configure a security policy for an IP range.
A security policy is a set of values that defines the traffic’s baseline, taking into consideration factors such as:
Written by Vitaly S.
Popular within the commercial sphere, Oracle WebLogic Server is a scalable enterprise Java platform application server for Java-based web applications. When a vulnerability is discovered in WebLogic, hackers will try to exploit it ASAP.
And it’s not only hackers — bug hunters also want to make a quick buck and report the organization’s vulnerability.
This vulnerability is an unauthenticated Remote Code Execution (RCE), which means you need to send a single HTTP request to the vulnerable WebLogic server to exploit it, and you don’t need to be authenticated to take control of the server.
In cybersecurity, we often hear about best practices, one of the most important of which is never to open services that should be for internal use to public access. These are best practices for a good reason — when you don’t follow them, you might be hacked!
Investigations into the root cause of data breaches will most often point to the same malpractice where services are left publicly accessible, whether by…
Account Takeover (ATO) describes when an online account is accessed and/or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been compromised and the attacker uses the account for a malicious purpose, such as unauthorized access or data theft.
As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrating it into a single repository, and assessing each vulnerability’s priority. Having this kind of data puts us in a unique position to provide an analysis of all web applications and database vulnerabilities throughout the year, view trends, and notice significant changes in the security landscape. …
Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019 and 42,390 application layer DDoS attacks mitigated by Imperva from May to December 2019.
2019 saw the largest network and application layer attacks ever recorded, with a network layer DDoS attack that reached 580 million packets per second (PPS) in April…
With a presence in India since 2017, Imperva is continuing to provide a level of security excellence in the region. With Asia in general as both the target and source of most network DDoS attacks, and India topping the list for the first time in our latest DDoS threat landscape report, this is more critical than ever.
We’re living in the Golden Age of data. Some companies analyze it to better themselves, others trade it for profit, none give it up freely due to its value — for their business, and for criminals, as well.
SQL (Structured Query Language) is an extremely popular way to communicate with databases. While many new databases use non-SQL syntax, most are still compatible with SQL. This makes SQL a handy tool for anyone who wants to access data, no matter their motives.
SQL Injection (or SQLi) attacks have been around for almost 2 decades…