Syndicated Blog

Blog
Imperva Cybersecurity Blog

Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs

Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to ...
Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

| | Data Security, NIST
On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning ...
Why it Pays to Have a Comprehensive API Security Strategy

Why it Pays to Have a Comprehensive API Security Strategy

In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API ...
Navigating the Waters of Generative AI

Navigating the Waters of Generative AI

| | AI, Data Security, generative AI
Part I: The Good and the Bad of AI Few would argue that 2023 was the year AI, specifically generative AI (Gen AI) like ChatGPT, was discussed everywhere. In October, Forrester published ...

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024

Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024

| | Application Security
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly.  Attacks targeting ...
Verizon 2023 Data Breach Investigations

Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection

| | Data Security
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks ...

Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a ...
Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake

Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake

Effective monitoring and anomaly detection within a data environment are crucial, particularly in today’s data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical ...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute ...