Imperva Threat Research
Unraveling an AI Scam with AI
The last year has seen an unprecedented surge in the use of Artificial Intelligence (AI) and its deployment across a variety of industries and sectors. Unfortunately, this revolutionary technology has not just ...
Overcoming Challenges in Delivering Machine Learning Models from Research to Production
So, you’ve finished your research. You developed a machine learning (ML) model, tested and validated it, and you’re now ready to start development and then push the model to production. The hard ...
CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information
MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the ...
Why Attackers Target the Gaming Industry
Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and ...
Why Attackers Target the Government Industry
Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can ...
The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection
In the first blog post, we introduced you to the Nike Shoe Bot (NSB), one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we ...
CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks
On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP ...
Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information
TL;DR The Imperva Red Team discovered a vulnerability in TikTok, a popular social media platform with more than one billion users worldwide, that could allow attackers to monitor users’ activity on both ...
The Anatomy of a Scalping Bot: NSB Was Copped!
In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot (NSB) scalping bot, ...
Two-Week ATO Attack Mitigated by Imperva
Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover (ATO) attack that lasted for two weeks. On average, attacks last a few hours or a couple days ...