Research & Reports
Now-Patched Google Photos Vulnerability Let Hackers Track Your Friends and Location History
Ron Masas | Application Security, google, Javascript, location history, photos, Research & Reports, search, side-channel attack, social media, vulnerability
A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken. Background: One trillion photos were taken in 2018 ...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs
Ori Nakar | Amazon Web Services, analytics, Application Security, aws, Azure Storage, data lake, database, Hadoop HDFS, Research & Reports, unstructured data
Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently and access it quickly while abiding by privacy laws? At Imperva, ...
How to Deploy a Graylog SIEM Server in AWS and Integrate with Imperva Cloud WAF
Jonathan Gruber | analytics, Application Security, event logs, Graylog, Imperva Cloud WAF, Research & Reports, security events, SIEM, Web Application Firewall
Security Information and Event Management (SIEM) products provide real-time analysis of security alerts generated by security solutions such as Imperva Cloud Web Application Firewall (WAF). Many organizations implement a SIEM solution to ...
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
Ron Masas | Application Delivery, application state, browser, CSFL, facebook, Facebook Messenger, iframe, metadata, Research & Reports, side-channel attack, vulnerability
A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
Vitaly Simonovich | Application Security, cryptocurrency, Data Security, DEVOPS, Docker, misconfiguration, rce, remote API, Remote Code Execution, Research & Reports, server host, Virtualization
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers
Edi Kogan | Application Security, CMS, content management system, DirtyCOW, Drupal, Drupalgeddon, Exploit, rce, remote code execution vulnerability, Research & Reports, website
Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit, still working at the time of this writing, has been used in ...
No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network
tshabi | Application Security, Attack, encryption, hacker, MAC address, Research & Reports, social engineering, SSID, Wi-Fi
Your Wi-Fi routers and access points all have strong WPA2 passwords, unique SSIDs, the latest firmware updates, and even MAC address filtering. Good job, networking and cybersecurity teams! However, is your network ...
The Challenges of DIY Botnet Detection – and How to Overcome Them
Johnathan Azaria | Application Security, backdoor uploader, botnet, botnet detection, command-and-control server, ddos, DDoS Mitigation, hacking tool, iot, layer 7 attack, Remote Code Execution, Research & Reports, spambot, sql injection
Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT) they have spread further to devices no one imagined they would – printers, webcams, ...
Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.
Tomer Shani | DDoS attacks, DDoS Mitigation, DDoS Report, Memcached, Mpps, packets-per-second, Research & Reports
(Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more.) DDoS attacks are usually measured by the amount of bandwidth involved, such ...
Seven Must-Dos to Secure MySQL 8.0
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security ...