
GraphQL Vulnerabilities and Common Attacks: What You Need to Know
GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usage comes the potential for security vulnerabilities and attacks. In this blog post, we will describe what GraphQL ...

Behind the Scenes of a Tailor-Made Massive Phishing Campaign
A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim to, a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all over the world – including well-known banks, postal services, delivery ...

Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020
Imperva’s report, The State of Vulnerabilities in 2020, has revealed that, unlike in previous years, researchers observed a fall in the number of vulnerabilities last year, even as businesses were compelled to accelerate digital transformation processes due to the COVID-19 pandemic. Vulnerabilities are defined as the gaps or weaknesses that ...

CrimeOps of the KashmirBlack Botnet – Part II
Introduction: The previous blog – “CrimeOps of the KashmirBlack Botnet – Part I” – described the DevOps behind the botnet. It showed how its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and explained the evolution and version deployment of the botnet. The ...

The Resurrection of PHPUnit RCE Vulnerability
Once a software patch is released, we tend to believe it means “problem solved”. Most of the time, however, this is not actually the case. Fully solving the problem requires all developers to grab the latest patch version and deploy it in their environment. Since upgrading isn’t an especially trivial ...