Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/27/2019
05:00 PM
100%
0%

Imperva Customer Database Exposed

A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.

Imperva has announced that the cloud web application firewall product formerly called Incapsula suffered a data exposure that allowed unauthorized access to customer data. The company said that a third party informed it on August 20 of the exposure, which affets customers who had Incapsula accounts through September 15, 2017.

According to the notice posted on the CEO's blog, a subset of Incapsula customers had email addresses, hashed and salted passwords, API keys, and customer-provided SSL certificates exposed. The blog post notes that the company is taking a variety of actions addressing the exposure, from engaging forensics experts and informing affected customers to forcing password rotations.

For more, read here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Alexix
50%
50%
Alexix,
User Rank: Apprentice
9/3/2019 | 12:18:59 PM
Re: More of the same
your are right
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28487
PUBLISHED: 2021-01-22
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
CVE-2021-21260
PUBLISHED: 2021-01-22
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf ...
CVE-2021-21270
PUBLISHED: 2021-01-22
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patc...
CVE-2020-4766
PUBLISHED: 2021-01-22
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
CVE-2021-21259
PUBLISHED: 2021-01-22
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance...