
Recent Vulnerabilities in Popular Applications Blocked by Imperva
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution, bypass access controls, and escalate privileges, can be extremely dangerous and pose serious security risks. Imperva ... Read More

CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information
MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting versions 2021.0.6 (13.0.6), 2021.1.4 ... Read More

Why Attackers Target the Government Industry
Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution (RCE) attacks can give ... Read More

CVE-2023-26360 – Adobe ColdFusion Arbitrary Code Execution
On March 14, 2023, Adobe released a security advisory affecting Adobe ColdFusion versions 2021 and 2018. The vulnerability was categorized as improper access control, potentially resulting in arbitrary code execution. The exploitation of this issue does not require user interaction. No PoC has been released so far, however, after further investigation, the ... Read More

Two-Week ATO Attack Mitigated by Imperva
Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover (ATO) attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack was an anomaly and underscores the persistence of the attackers ... Read More

Why Attackers Target the Healthcare Industry
Key Takeaways: Personal health information (PHI) is an incredibly valuable category of personal data. When compromised and sold on the dark web, this data can be sold for thousands of dollars. Healthcare is a valuable target to attackers, including the group Killnet, which targeted healthcare sites in January 2023 with ... Read More

Why Attackers Target the Financial Services Industry
This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next month’s exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted, and it’s important to stay ahead of attackers. 30% of ... Read More

81% Increase in Large-Volume DDoS Attacks
Since 2021, distributed denial of service (DDoS) attacks have trended upwards, both in volume and frequency. Layer 7 DDoS attacks of at least 500,000 requests per second (RPS) increased 81% in the past year. In addition to greater frequency, attack sizes were larger in 2022 than in 2021. The largest ... Read More

The World Cup: Prime Time for Sports Fans and Cybercriminals
From November 20 to December 18, fans from all over the world are tuned into the World Cup tournament in Qatar. While this is a major event for sports fans, it’s also prime time for bad actors. Large sporting events lead to increased levels of activity across sports and gambling ... Read More

Log4j: One Year Later
One year ago, the Log4j remote code execution vulnerability known as Log4Shell (CVE-2021-44228) was announced. The critical severity level vulnerability in a logging framework used across virtually all Java environments quickly set the internet on fire when it was released and exploited. It’s considered one of the most critical vulnerabilities ... Read More