ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

2 recommendations

Imperva Discloses Breach

»krebsonsecurity.com/2019 ··· -breach/

"... a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users."

Hope some folks have been re-issuing their certs!!

OldNavyGuy
join:2018-07-24
Newberg, OR

4 recommendations

Member

The quote at the end of the article sums it up pretty well...

“The moral of the story here is that people need to be asking tough questions of software-as-a-service firms they rely upon, because those vendors are being trusted with the keys to the kingdom,” Knight said. “Even if the vendor in question is a cybersecurity company, it doesn’t necessarily mean they’re eating their own dog food.”
HELLFIRE
MVM
join:2009-11-25

2 recommendations

HELLFIRE to ke4pym

»images.app.goo.gl/8NdWB7 ··· dYAWsW59 -- 'Nuff Seid [/sarc] [/cynic]

Regards

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

2 recommendations

sivran to ke4pym

Apparently only Incapsula cloud WAF customers were affected, and not CDN/DDoS mitigation customers. API keys were exposed, as were any custom SSL keys uploaded by the user. So a cloud WAF customer who just used shared SSL would only have their API keys at risk.

I wonder how it was verified when the unauthorized access stopped. Imperva does make a database auditing product as well, so perhaps once notified of the breach they went back into the archives to correlate the details. But that's just speculation of course.

Any SSL keys that were stolen would be approaching the end of their validity period within the next year or so.

Here's an interesting thought: most, if not all, of Imperva's public-facing websites and services sit behind Incapsula CDN at the very least. Whether they use their SecureSphere WAF or Incapsula WAF I'm not sure. So, there's another wrinkle here: how was the breach perpetrated? Did an attack bypass one or both WAFs to strike the webserver, or was some privileged account compromised by phishing or some other means?
dave
Premium Member
join:2000-05-04
not in ohio

4 recommendations

dave to ke4pym

"Imperva" -- meant to suggest "impervious", I suppose.

Snigger...

Pride comes before a fall, as they say.

OldNavyGuy
join:2018-07-24
Newberg, OR

Member

They used to be WebCohort.

A co-founder of Check Point Software started the company in 2002.