Effective monitoring and anomaly detection within a data environment are crucial, particularly in today’s data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical functions, including threat hunting, risk analysis, and trend…
Category: Blog
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a CVSS score of 9.8, is an unauthenticated remote…
Is Network Security Still a Thing in the Age of Public Cloud?
Akamai Guardicore Segmentation is extending its segmentation capabilities to hybrid cloud environments. This article has been indexed from Blog Read the original article: Is Network Security Still a Thing in the Age of Public Cloud?
Data Matters ? Empowering Threat Hunters to Reduce API Risk
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Data Matters ? Empowering Threat Hunters to Reduce API Risk
Exploitation Observed: Ivanti Connect Secure ? CVE-2023-46805 and CVE-2024-21887
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Exploitation Observed: Ivanti Connect Secure ? CVE-2023-46805 and CVE-2024-21887
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate object relationships, and…
The New York Times vs. OpenAI: A Turning Point for Web Scraping?
In a recent blog, we covered the blurry lines of legality surrounding web scraping and how the advent of artificial intelligence (AI) and large language models (LLMs) further complicates the matter. Shortly after publishing the blog, a significant legal development…
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and…
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat…
Will VPN Security Vulnerabilities Accelerate ZTNA Adoption?
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Will VPN Security Vulnerabilities Accelerate ZTNA Adoption?