18 posts categorized "Nadav Avital"

January 17, 2017

On December 25th 2016, a critical new vulnerability in PHPMailer was made public. The open source PHP library for email handling embeds email functionality in web applications. This recent vulnerability takes advantage of insufficient validation...

December 29, 2016

Part of our job on the Imperva web application security team is supplying inclusive mitigation for new security vulnerabilities in web applications as soon as they become public. Imperva continually gathers information regarding new vulnerabilities...

December 06, 2016

Phishing is the starting point for most data breaches. People are the weakest link in an organization’s security posture. Current approaches to controlling the proliferation of phishing have shown no signs of success. Imperva advocates...

November 14, 2016

Joomla! CVE-2016-8870 & CVE-2016-8869: This blog analyzes the privilege escalation vulnerability in Joomla! CMS and its exploitation in the wild. Based on the attack traffic, we show the statistics of the attack including a spike...

August 03, 2016

It was November 2015 when I heard the high-pitched excitement of a researcher from our Imperva Defense Center – “HTTP/2 is susceptible to slow read attacks!” It was like déjà vu all over again; five...

March 26, 2016

Three months after the previous report, we thought it was a good opportunity to check in on the CVEs registered by Imperva SecureSphere Web Application Firewalls. We found some interesting trends – highlighting the most...

February 22, 2016

When you hear about the recent devastating attacks involving smartphones, malware infection of Android/iOS naturally comes to mind. However, once you take a closer look at these mobile security incidents, you will be surprised...

January 15, 2016

[Warning: Spoilers!] Mr. Robot’s win at this week’s Golden Globes surprised many people, but we at Imperva weren’t among them. How could we not love a show about cyber security? It deserved the award for...

December 21, 2015

Back in 2014, we predicted (for 2015) that most enterprises would largely lose their battle against the endless number of patches required for their servers due to the exploding number of CVEs. 2015 indeed...

December 17, 2015

Virtual patching may have had its humble beginnings when IPS devices first reaped its benefits, but today it is even more invaluable in our fight against zero-day attacks on web applications. We are going to...