Gabi Stapel

Blog

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the ‘sorting’ parameter due to insufficient input sanitization and preparation of SQL queries ... Read More

A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a CVSS score of 9.8, is an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary PHP ... Read More

On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files and steal credentials for ... Read More

In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known for its diverse offerings—ranging from electronics to fashion, and a ... Read More

In the dimly lit corners of the internet, where shadows flicker and eerie silences prevail, there lurks entities of malevolent intent. They are not the stuff of old wives’ tales or campfire ghost stories. We’re talking about bad bots, the digital bogeymen of the digital age. These nefarious beings are ... Read More

In today’s interconnected world, the Internet of Things (IoT) promises convenience and innovation. From smart fridges that tell you when you’re out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to make ... Read More

Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and deface sites to promote propaganda.  The current crisis in Israel ... Read More

Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution, bypass access controls, and escalate privileges, can be extremely dangerous and pose serious security risks.  Imperva ... Read More

MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting versions 2021.0.6 (13.0.6), 2021.1.4 ... Read More

Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution (RCE) attacks can give ... Read More