31 Oct 2014

On Thursday, the Drupal Security Team issued a PSA on the Drupal 7 SQL injection vulnerability (SA-CORE-2014-005). The announcement underscores the importance of updating your server to Drupal 7.32.

Incapsula issued an update to our WAF rules on October 15 to protect against SA-CORE-2014-005. Customers who have the WAF enabled are protected against this vulnerability. To confirm SQL injection protection is on, log into your Incapsula account, go to Settings > WAF, and confirm that SQL Injection is set to Block Request.


30 Oct 2014
New Data Center Goes Live in Stockholm, Sweden

Today we are pleased to announce the activation of Incapsula’s latest data center in Stockholm, Sweden—located in the lucrative Telecity STO1 facility.

With this new point-of-presence (PoP), we’ve expanded our portfolio of connectivity routes to provide better performance to visitors in the Nordic region, Baltic countries, and Eastern Europe.


29 Oct 2014
IncapRules - Fighting Comment Spam

IncapRules is a new custom security rules engine that lets you integrate your own policies on top of Incapsula’s core security logic. As we’ve discussed previously in this blog, the IncapRules scripting language is now being used globally by online organizations to gain complete and granular control over application security.

In this post, we’re going to cover how IncapRules can be applied to a prevalent security issue: comment spam.


27 Oct 2014
How to Start Making a DDoS Response Plan

Some organizations exhibit strange behavior today when it comes to distributed denial of service (DDoS) attacks. DDoS assaults are becoming more common, increasingly sophisticated, and more costly all the time. Yet organizations continue to rely on the same dated firewall solutions they have always used to protect themselves.

It's clear they need a new strategy to update their DDoS response plan. However, developing such a plan can be a difficult proposition, particularly for organizations that have spent years ignoring the possibility of DDoS attacks.

This is where Incapsula’s new DDoS Response Playbook can help.

This ebook is filled with useful guidance to help prepare your organization for the current threat landscape—no matter what your present DDoS mitigation strategy looks like. It also helps you create a plan if you don’t already have one.



21 Oct 2014
Deprecating SHA-1 Hash Algorithm. Why, What and When.

As some of you may already know, in September Incapsula began the process of replacing all SHA-1 SSL certificates with the more secure SHA-2 version. This transition is on schedule and will be completed within the following week. In addition, all new SSL certificates issued by Incapsula will use the SHA-2 algorithm.

Our decision to discontinue SHA-1 support is in line with the industry trend, which acknowledges the potential weakness of the SHA-1 cryptographic algorithm.

In November 2013 Microsoft was the first to announce its timetable for phasing out SHA-1 certificates. According to this timetable, MSN platforms will stop supporting SHA-1 as of January 1, 2017.

More recently, Google and Mozilla announced that their browsers will no longer trust SHA-1-signed SSL certificates with expiration dates past December 31, 2016...


15 Oct 2014
What You Need to Know About POODLE SSLv3 Vulnerability

With Google disclosing the POODLE vulnerability in SSL v3, we are now witnessing version 3’s last days. Unlike other SSL vulnerabilities, such as BEAST and LUCKY 13, POODLE has no patch or workaround—the v3 protocol itself is broken. Connections using CBC ciphers are insecure, enabling attackers to extract sensitive data from them.

In Google’s paper, their vulnerability researchers reveal how an attacker can extract ostensibly encrypted data from SSL v3 connections using CBC ciphers. They also provide an example of how a real-world attack might take place, resulting in session cookies being stolen.

The bottom line is that attackers with access to client or server environments can manipulate clients to use insecure SSL v3 connections. They then use v3 weaknesses to extract sensitive data from the stream...


09 Oct 2014
Cyber Security Awareness Month

The month of October is Cyber Security Awareness Month, when we review threats that attempted to catch us off guard, as well as consider those looming on the horizon. To add to the discussion, Incapsula will highlight some of the incidents we’ve covered this year and make a few predictions based on our research.

Over the past five years, Incapsula’s content distribution network has expanded to every corner of the world, enabling our team to provide you with insights into the latest attacks and tactics. We’ve witnessed just about every trick in the book. These range from attacks originated by collectives such as Lizard Squad and Anonymous, to upstart hackers working out of their basements, to criminal syndicates attempting to disrupt legitimate organizations...


06 Oct 2014
IncapRules – Closing the Door on Brute Force Attacks

During the recent wave of large “credential dumps”—where lists of usernames and passwords have been posted on the web—Incapsula has proven to deliver impenetrable protection from attempts to match exposed username/password combinations across various Internet resources.

Such matching attempts are executed as automated brute force attacks. One way to deal with them is to activate Incapsula’s Suspicious bots mode, which employs progressive challenges to sift through unidentified inhuman visitors.

However, a much more elegant solution can be achieved with a simple IncapRules syntax that leverages Incapsula’s request-inspection capabilities.


02 Oct 2014
Did Shellshock Hit One Billion Servers?

It’s been nearly a week since the discovery of what has become known as Shellshock. Incapsula Labs has been tracking the vulnerability and its variants from almost the beginning.

The impact is big. The question I keep getting asked is, How big? There are two ways of looking at the magnitude of the attack: 1) the number of sites attacked, and 2) the damage it has caused to each site.

We’ll dig into both, as well as what we see as a potential aftershock caused by malware and exploits planted on vulnerable machines.
