Vast USPS Delivery Phishing Campaign Sees Threat Actors Abusing Freemium Dynamic DNS and SaaS Providers

You may be familiar with the common phishing tactics like fake emails or text messages from a hacker pretending to be someone at your place of work, or maybe it’s someone pretending ...

Using LLM’s for Heightened Cybersecurity: Supercharging Automated Takedowns With GPT

It takes a lot to surprise engineers working on AI, and have them call something magical. ChatGPT stands tall as one of those inventions. OpenAI unlocked a new world of truly, cognitive, ...

ICC World Cup 2023: Unmasking the Scams and Threats Targeting Fans Worldwide

The ICC World Cup 2023, the 13th edition of the ICC Cricket World Cup, is set to take place in India, amidst a rapidly growing digital ecosystem developing around the world. The ...

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

The Americans with Disabilities Act (ADA) includes requirements on companies falling within its scope to ensure their websites are accessible to individuals with disabilities. These requirements have created a strong incentive for ...

From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022

What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s ...

Apache Commons Text vulnerability CVE-2022-42889

(Updated Oct. 19, 2022) CVE-2022-42889 was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution (RCE) in Apache Commons Text. It affects version ...

Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082

On September 29, Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. The vulnerabilities allow remote code execution (RCE) when used in tandem. It is important ...

What we know about VMware CVE-2022-31656 and CVE-2022-31659

Takeaways: VMware Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen ...

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater ...

5 Things We’ve Learned About CVE-2021-44228

Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that ...