160*600

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys

 

 Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today.

The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, a security-focused CDN service known for its DDoS mitigation and web application security features that protect websites from malicious activities.


 In a blog post published today, Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, only after someone informed it about the data exposure that "impacts a subset of customers of its Cloud WAF product who had accounts through September 15, 2017."



 The exposed data includes email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017, as well as API keys and customer-provided SSL certificates for a subset of users.

The company has not yet revealed how the Cloud WAF customers' data got leaked, whether its servers were compromised or if it was accidentally left unsecured in a misconfigured database on the Internet.

However, Imperva is still investigating the incident, and the company has ensured that it is informing all impacted customers directly and is also taking additional measures to scale up its security.

Comments

Post a Comment

Popular posts from this blog

Image
TOR Fone p2p secure and anonymous VoIP tool The fundamental right to privacy, guaranteed by the Fifth and Fourteenth Amendments to the U. S. Constitution, protects against unwarranted invasions of privacy by federal or state entities, or arms thereof. Internet telephony  is now an important part of people communications and should be protected from intruders, collecting information about you. I had an idea to use the old PGPFone designed by Philip Zimmermann for these purposes by adding the possibility to use The Onion Router anonymizer to ensure anonymity of callers. I did some tests to adopt VoIP transport to TOR tunnels and eventually made acceptable alpha release.  Now the beta version is available which includes an improved cryptography, new voice codecs and lot of other new features. As a result, the  TORFone  was designed to communicate voice via Internet (make phone calls to the addressee) similarly to Skype but with the following difference
Read more

How to hack whatsapp And how to prevent from being hacked

Image
Top 5 Ways to Hack WhatsApp Accounts Using Ethical Hacking How to hack WhatsApp accounts using Ethical hacking is probably one of the most searched things on the Internet. In this blog, we are going to look at how the security of WhatsApp can be compromised and how your data Disclaimer : This blog is totally meant for learning purposes. The techniques discussed here are to make you more informed and aware of the various malicious ways a hacker can exploit to steal your private information! Is hacking WhatsApp possible? WhatsApp is a cross-platform messaging service owned by Facebook and is developed by most intelligent developers. It has end-to-end encryption that enables only the sender and the receiver to see what is sent. It frequently resolves the security issues faced by users as well. Certain things cannot be controlled by developers. For example, if you tell someone your email password and that person misuses it, then it is not exactly hacking. Nonetheless, even in this case, pe
Read more