GitHub Security Alerts are keeping developers’ code safer

Haythem Elmir

The code hosting service GitHub confirmed that the introduction of GitHub security alerts in November allowed to obtain a significant reduction of vulnerable code libraries on the platform. Github alerts warn developers when including certain flawed software libraries in their projects and provide advice on how to address the issue. Last year GitHub first […]

A “highly critical” flaw affects Drupal 7 and 8 core, Drupal security updates expected on March 28th

Haythem Elmir

Drupal Security Team confirmed that a “highly critical” vulnerability affects Drupal 7 and 8 core and announced the availability of security updates on March 28th. A “highly critical” vulnerability affects Drupal 7 and 8 core and Drupal developers are currently working to address it. Drupal maintainers initially planned to issue a security […]

Hackers leave ransom note after wiping out MongoDB in 13 seconds

Haythem Elmir

For the last couple of years, hackers have been exploiting unprotected MongoDBbased servers to steal data and hold the exposed databases for ransom. In order to raise awareness, hackers leaked 36 million records of internal data collected from several vulnerable servers. The seriousness of the matter can be understood by the fact that in July of 2015 John Matherly […]

Google is distributing more Meltdown and Spectre Patches for Chrome OS devices

Haythem Elmir

Google announced that mitigations for devices with Intel processors that are affected by the Spectre and Meltdown vulnerabilities will be available for latest stable channel update for Google’s Chrome OS operating system. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack could allow attackers […]

Q4 2017 Global DDoS Threat Landscape Report

Haythem Elmir

Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017. In Q4, the number of application layer attacks nearly doubled, just as the number of network layer assaults declined. In both cases, […]