A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken.

Now-Patched Google Photos Vulnerability Let Hackers Track Your Friends and Location History

A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken. Background One trillion photos were taken in 2018 ...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, ...
How to Deploy a Graylog SIEM Server in AWS and Integrate with Imperva Cloud WAF

How to Deploy a Graylog SIEM Server in AWS and Integrate with Imperva Cloud WAF

Security Information and Event Management (SIEM) products provide real-time analysis of security alerts generated by security solutions such as Imperva Cloud Web Application Firewall (WAF). Many organizations implement a SIEM solution to ...
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack

Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack

A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
cryptocurrency miner via website vulnerability

Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers

Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in ...
No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network

No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network

Your Wi-Fi routers and access points all have strong WPA2 passwords, unique SSIDs, the latest firmware updates, and even MAC address filtering. Good job, networking and cybersecurity teams! However, is your network ...
Network of platforms with bots on top botnet cybersecurity concept 3D illustration

The Challenges of DIY Botnet Detection – and How to Overcome Them

Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT) they have spread further to devices no one imagined they would – printers, webcams, ...
Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.

Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.

(Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more.) DDoS attacks are usually measured by the amount of bandwidth involved, such ...
Making daily notes

Seven Must-Dos to Secure MySQL 8.0

Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security ...