New research shows 75% of ‘open’ Redis servers infected

Since our initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, we’ve been hearing about more and more attacks on Redis servers. Redis is a great tool: it can serve as an in-memory distributed database, cache or message broker, and is widely popular. Redis is ...

Drupalgeddon 2.0: Are Hackers Slacking Off?

Ever since March 28th, when Drupal published a patch for an RCE named Drupalgeddon 2.0 (SA-CORE-2018-002/CVE-2018-7600), Imperva has been monitoring our cloud looking for hackers’ attempts to exploit the vulnerability, but found nothing. Until today. It somehow seems fitting that nefarious activity picked up today, Friday the 13th. After a ...

RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits

Recently, cryptojacking attacks have been spreading like wildfire. This week we saw a new generation of cryptojacking attacks aimed at both database servers and application servers. We dubbed one of these attacks RedisWannaMine. Read on ...

Deserialization Attacks Surge Motivated by Illegal Crypto-mining

Imperva’s research group is constantly monitoring new web application vulnerabilities. In doing so, we’ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year. Our analysis shows that, in the past three months, the number of deserialization attacks has grown by 300 percent on average, ...

The State of Web Application Vulnerabilities in 2017

As a web application firewall provider, part of our job at Imperva is constantly monitoring new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrates it into a single repository, and assesses ...