Australian Cyber Attack Vectors Blocked Out of the Box by Imperva WAF
On June 18, 2020, the Australian Cyber Security Centre (ACSC) released a disclosure detailing a ‘sophisticated’ and sustained attack against Australian government bodies and companies. The disclosure...
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange...
Introduction On 2 March 2021, Microsoft and Volexity produced disclosures outlining the discovery of four zero-day vulnerabilities affecting multiple versions of Microsoft Exchange Server. Each of the...
Log4Shell log4j Remote Code Execution – The COVID of the Internet
The Log4Shell zero-day vulnerability is truly one of the most significant security threats of the past decade, and its effects will be felt far into 2022 and beyond. Imperva has observed over 102M...
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
New zero-day Remote Code Execution (RCE) vulnerabilities were discovered in Spring Framework, an application development framework and inversion of control container for the Java platform. The...
Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082
On September 29, Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082, affecting Microsoft Exchange Server. The vulnerabilities allow remote code...
ManageEngine Vulnerability CVE-2022-47966
Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus...
Imperva Detects Undocumented 8220 Gang Activities
Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged...
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers....
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL...
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using...
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass”...
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity...
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target...
The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs (‘game hacks’) to get ahead. Although some of these programs offer legitimate game...