Protecting Against HTTP/2 Rapid Reset
Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confirm that Imperva’s existing DDoS mitigation strategies effectively defend this specific ... Read More
Understanding and Mitigating the MOVEit Incidents
Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed worldwide. This breach poses a significant risk, not just due to ... Read More
Anonymous Sudan, MOVEit, and Cl0p
There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing potential downtime, the attackers could feasibly destabilize ... Read More
Preparing for Heightened Attacks in the Current Geopolitical Environment
The current geopolitical environment has raised many concerns about security postures and readiness to respond to a cyberattack. Today, Imperva customers are protected by our world-class network, application, and data security products. Alongside that, Imperva Threat Research is closely monitoring the attack landscape for new emerging threats, vulnerabilities, attacks, and ... Read More
5 Things We’ve Learned About CVE-2021-44228
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attacks & Attacked Sites Since last ... Read More
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions
Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability. In the spirit of transparency ... Read More
How We’re Protecting Customers & Staying Ahead of CVE-2021-44228
CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent technical writeup on their blog. In terms of magnitude, this will ... Read More
Imperva to acquire jSonar: A New Generation of Data Security
I’m thrilled to announce that Imperva has entered into an agreement to acquire jSonar! We view jSonar’s incredible product and technology as perfectly aligned with our mission to protect data and all paths to it. Together, we will be able to deliver a fundamentally new approach to data security to ... Read More
NIST Recognizes RASP as Critical to Lowering Risk
The United States Congress ratified the Cybersecurity Framework set forth by the National Institute of Standards and Technology (NIST) in 2014 to standardize the practices and controls that mitigate constantly evolving cyberthreats. The framework has been adopted by federal and local government entities as well as a growing number of ... Read More
Top 5 Cybersecurity Trends to Prepare for in 2020
I don’t need a crystal ball to predict that in 2020 cybersecurity attacks will accelerate and the tactics will evolve. We’ll continue to be hounded by greater volumes of the attacks that have threatened us for years and, as businesses adopt new innovations, new vulnerabilities to threats will surface. You ... Read More