16 posts categorized "Nadav Avital"

December 06, 2016

Phishing is the starting point for most data breaches. People are the weakest link in an organization’s security posture. Current approaches to controlling the proliferation of phishing have shown no signs of success. Imperva advocates...

November 14, 2016

Joomla! CVE-2016-8870 & CVE-2016-8869

This blog analyzes the privilege escalation vulnerability in Joomla! CMS and its exploitation in the wild. Based on the attack traffic, we show the statistics of the attack including a spike...

August 03, 2016

It was November 2015 when I heard the high-pitched excitement of a researcher from our Imperva Defense Center – “HTTP/2 is susceptible to slow read attacks!” It was like déjà vu all over again; five...

March 26, 2016

Three months after the previous report, we thought it was a good opportunity to check in on the CVEs registered by Imperva SecureSphere Web Application Firewalls. We found some interesting trends – highlighting the most...

February 22, 2016

When you hear about the recent devastating attacks involving smartphones, malware infection of Android/iOS naturally comes to mind. However, once you take a closer look at these mobile security incidents, you will be surprised...

January 15, 2016

[Warning: Spoilers!] Mr. Robot’s win at this week’s Golden Globes surprised many people, but we at Imperva weren’t among them. How could we not love a show about cyber security? It deserved the award for...

December 21, 2015

Back in 2014, we predicted (for 2015) that most enterprises would mostly lose their battle against the endless number of patches required for their servers due to the exploding number of CVEs. 2015 indeed...

December 17, 2015

Virtual patching may have had its humble beginnings when IPS devices first reaped its benefits, but today it is even more invaluable in our fight against zero-day attacks on web applications. We are going to...

December 03, 2015

On November 6th, 2015, security researchers at FoxGlove Security released zero-day exploits for WebSphere, WebLogic, JBoss, Jenkins, and OpenNMS, facilitating in some cases Remote Code Execution attacks on application servers using these technologies. The popularity...

November 25, 2014

In September, a bug in GNU Bash was publicly exposed in the wild and rained fire on computer systems on-premises and in the cloud due to the simple attack vector and the effect on...