Collaborate Disseminate
I don’t need a crystal ball to predict that in 2020 cybersecurity attacks will accelerate and the tactics will evolve. We’ll continue to be hounded by greater volumes of the attacks that have threatened us for years and, as businesses adopt… Continue reading Top 5 Cybersecurity Trends to Prepare for in 2020
Why configuration management system was a must for our network, and how we chose SaltStack When we planned and designed the network automation at Imperva Cloud, we split our automation systems into three different systems, where each of the systems has… Continue reading Adding Some Salt to Our Network – Part 1
Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometime… Continue reading How to Maximize Your WAF
Understanding an attacker’s workflow and how Attack Analytics hunts them down In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation cap… Continue reading From Thousands of Security Alerts to a Handful of Insights
A botnet is a network of compromised computers – known as bots – usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets … Continue reading Detecting Account Takeover Botnets
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM (the FastCGI Process Manager) running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of… Continue reading Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
Inspired by an article by Watchfire from 2005, we recently explored an old attack technique named HTTP Request Smuggling and checked it against our WAF protection. By coincidence, it turned out someone else was also exploring this technique at the same… Continue reading HTTP Desync Attacks in the Wild and How to Defend Against Them
We’ve learned over time that we develop products not for us the company, but for you, the customer, to help resolve your problems. But just resolving a customer’s problem is not enough – the product should also be intuitive and easy t… Continue reading The Importance of the Customer’s Feedback in Product Design
A well-known RTOS (Real-Time Operating System), widely used in industrial sectors, is at risk from a series of 11 vulnerabilities dubbed URGENT/11.
Nozomi Networks Labs conducted research on the vulnerable devices and has released threat signatures for… Continue reading URGENT/11 – New ICS Threat Signatures by Nozomi Networks Labs
Today at Black Hat USA we’re presenting an innovative power grid cyber security solution that greatly improves monitoring of intelligent electronic devices (IEDs).
Using the IEC 62351 standard for monitoring industrial networks, we demonstrate h… Continue reading Black Hat: The Future of Securing Power Grid Intelligent Devices