The Anatomy of a Scalping Bot: NSB Was Copped!
In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot (NSB) scalping bot, one of the most dangerous scalping bots around. We will take a closer look at the components of ...
Log4Shell log4j Remote Code Execution – The COVID of the Internet
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed over 102M exploitation attempts across thousands of sites protected by Imperva Cloud Web Application Firewall (WAF). In the ...
Bug hunting for a quick buck using WebLogic vulnerability (CVE-2020-14882)
Popular within the commercial sphere, Oracle WebLogic Server is a scalable enterprise Java platform application server for Java-based web applications. When a vulnerability is discovered in WebLogic, hackers will try to exploit it ASAP. And it’s not only hackers – bug hunters also want to make a quick buck ...
Never Leave Your Cloud Database Publicly Accessible
In cybersecurity, we often hear about best practices, one of the most important of which is never to open services that should be for internal use to public access. These are best practices for a good reason – when you don’t follow them, you might be hacked! Research we ...
Remote File Inclusion (RFI) – Detecting the Undetectable
Remote File Inclusion [RFI] is an attack exploiting the functionality in web applications which allows the inclusion of external source code without validating its content or origin. An RFI payload is a link that points to a malicious file that an application will include in its code (example: url=[h]ttp://rfi.nessus.org/rfi.txt) ...
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)
Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application could survive the largest and longest DDoS ...
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently investigated a DDoS attack which was generated ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers. You can interact with Docker via the terminal and also via remote API. The Docker remote API is ...