June 12, 2024 at 05:06AM Cybersecurity firm Imperva reports the exploitation of a recent PHP vulnerability, CVE-2024-4577, in ransomware attacks just days after its public disclosure. The bug impacts Windows servers using Apache and PHP-CGI and was addressed with the release of PHP versions 8.1.29, 8.2.20, and 8.3.8. The TellYouThePass ransomware gang was observed exploiting … Read more
March 19, 2024 at 01:12PM APIs play a crucial role in digital modernization, with a majority of internet traffic attributed to API calls. The State of API Security in 2024 Report highlights the risks related to inadequate API management, particularly in the banking and online retail sectors. It emphasizes the need for continuous monitoring and … Read more
December 19, 2023 at 02:51AM The 8220 Gang exploits a high-severity flaw in Oracle WebLogic Server (CVE-2020-14883) to propagate their cryptojacking malware, using known security flaws to distribute it. Imperva documented recent attack chains, targeting healthcare, telecommunications, and financial services sectors in multiple countries. The group relies on simple, publicly available exploits and constantly evolves … Read more