Learn how the new Headless Chrome's near-perfect fingerprint and the CDP signal have impacted bot detection recently.

The post How New Headless Chrome & the CDP Signal Are Impacting Bot Detection appeared first on Security Boulevard.

Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has grown from a small song competition into a massive international event, drawing in […]

The post Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats appeared first on Blog.

The post Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats appeared first on Security Boulevard.

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the “TellYouThePass” ransomware campaign. TellYouThePass is a ransomware that has been seen since […]

The post Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware appeared first on Blog.

The post Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware appeared first on Security Boulevard.

LLM prompt injection and denial of wallet attacks are new ways malicious actors can attack your company through generative AI apps, such as a chatbot.

The post How DataDome Protects AI Apps from Prompt Injection & Denial of Wallet Attacks appeared first on Security Boulevard.

ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader and wipers were created by a cybersecurity pro doing “red team” penetration testing of a client’s SOC. 

This incident highlights a growing challenge for firms that track (and defeat) open source threats. Namely: “noise” in the form of grayware such as test packages as well as low-quality, low distribution malicious packages. As more attention turns to open source and supply chain threats and attacks, this low signal to noise ratio could make it harder to identify and remediate legitimate, open source software threats. 

In this report we will discuss the findings of our research as well as the larger implications for developers and security teams, as the open source “commons” become crowded with goodware, malware and grayware.

The post Python downloader highlights noise problem in open source threat detection appeared first on Security Boulevard.

The newly-released Apple cybersecurity threat study reveals interesting data points and demonstrates how the threat landscape is evolving.

The post 8 Takeaways from Apple 2023 Threat Research appeared first on Security Boulevard.