HTTP/2 CONTINUATION Flood Vulnerability
HTTP/2, a widely adopted web communication protocol, organizes data transmission through a binary framing layer, wherein all communication is divided into smaller messages called frames, each identified by a specific type, such as headers, data, and continuation frames. HTTP/2 HEADER frames facilitate the transmission of HTTP headers for requests and ...

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134
This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than 1.3.0. The advisory details a critical severity unauthenticated remote code execution vulnerability and is identified as CVE-2022-26134 ...

Five Takeaways from FlexBooker’s Data Breach
A few weeks ago, an appointment scheduling solution, FlexBooker, notified its customers that it had been breached. Although Imperva has no specific insider knowledge into what happened during the breach, we can learn a lot from the breach notification. In this blog, we’ll review the content contained in FlexBooker’s data ...

Annual Imperva Hackathon Inspires 2022 Product Roadmap
Bold ideas, diverse thought and challenging the status quo sum up the Imperva state-of-mind. We’re always looking to inspire the next big innovation that can transform the future of the cybersecurity industry. But if there’s anything the past year and a half has taught us, it’s that transformative doesn’t necessarily ...

Python Cryptominer Botnet Quickly Adopts Latest Vulnerabilities
Over the last few days, Imperva researchers have monitored the emergence of a new botnet, one whose primary activity is performing different DDoS attacks and mining cryptocurrency. It also acts as a worm trying to extend its reach by scanning specific subnets and ports and using different remote code execution ...

2020 Ends With A Bang
December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat Research group ...

Virtual Hackathon Generates Next Generation of Imperva Innovation
“How do we run a global hackathon amid a global pandemic?” That was my first thought when I began planning the 2020 Imperva Hackathon earlier this year. While the event is designed to foster innovation and uncover new ideas, in a global company like ours it’s also about making new ...

Imperva mitigates largest DDoS attacks of 2020… so far…
The word “unprecedented” has never been used so much as it has during 2020. And in the latest of many unprecedented events, July saw the two largest recorded DDoS attacks of the year so far. As revealed in our July 2020 Cyber Threat Index Report, published today, Imperva Research Labs ...

Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company
Imperva recently detected and mitigated the largest – and most concentrated – series of brute force ATO (account takeover) attacks in its history. Over the course of 60 hours from midnight on October 28, our ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page ...

Surge in online traffic increases risk to businesses
Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses. We will share an ongoing stream ...