On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate object relationships, and…
The New York Times vs. OpenAI: A Turning Point for Web Scraping?
In a recent blog, we covered the blurry lines of legality surrounding web scraping and how the advent of artificial intelligence (AI) and large language models (LLMs) further complicates the matter. Shortly after publishing the blog, a significant legal development…
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and…
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat…
Will VPN Security Vulnerabilities Accelerate ZTNA Adoption?
What’s Next for Akamai’s Cloud Computing Strategy
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to…
Imperva defends customers against CVE-2024-22024 in Ivanti products
Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its…
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for…
Data Matters: Is Your API Security Data Rich or Data Poor?
Taking a data-rich approach to security is the most effective way to stay a step ahead of today’s quickly evolving API threats.
Say Goodbye to Monolithic EdgeWorkers: Introducing Flexible Composition (Part 2)
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily…
Do Any HTTP Clients Not Support SNI?
In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication (SNI) traffic. The goal of our research was to answer the following…
Akamai Named an Overall Leader for Zero Trust Network Access
The AnyDesk Breach: Overview and Recommendations
The Web Scraping Problem, Part 2: Use Cases that Require Scraping
What to Do When Your VPN Provider Suffers from Zero-Day Vulnerabilities
Stop Scrapers and Scalpers with Akamai Content Protector
The Web Scraping Problem, Part 3: Protecting Against Botnets
Frog4Shell: FritzFrog Botnet Adds One-Days to Its Arsenal