From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the ...
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using ...
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs
Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to ...
Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0
On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning ...
Why it Pays to Have a Comprehensive API Security Strategy
In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API ...
Navigating the Waters of Generative AI
Part I: The Good and the Bad of AI. Few would argue that 2023 was the year AI, specifically generative AI (Gen AI) like ChatGPT, was discussed everywhere. In October, Forrester published ...
Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin
A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting ...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks ...
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
Gabi Stapel | Bricks Builder, CVE-2024-25600, imperva, Imperva Threat Research, vulnerability, wordpress
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a ...