A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It […]

The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware. In this article, we’ll diversify the different types of malware so that you can better understand their behaviour. There are […]

In a previous article, we’ve discussed the BitNinja safe minimum ruleset for the BitNinja WAF, that consists of 15 rules from the OWASP Core Ruleset, along with 6 rules from the BitNinja rules category. These rules can be safely enabled on the root location pattern on your server. In the BitNinja Ruleset, there are 5 […]

Our Attack Vector Miner (based on AI) is a very effective tool to identify 0. day attacks. Here comes the first catch! Discovery of a New Botnet At the beginning of July, our Attack Vector Miner created a new cluster, filled with logs about a new type of botnet. We perceived the first incident on […]

In the preceding articles, I’ve talked a lot about the BitNinja safe minimum ruleset template and how you should enable it on your “/” location (or on “*/wp-admin/*” if needed) if you’re hosting mainly WordPress websites. So I’d like to give you a little more explanation about the rules that are part of the safe […]

Artificial Intelligence (AI) is spreading quickly in many industries, and we can gladly announce the Attack Vector Miner, one of our latest developments based on AI. But before we tell you more about that, let’s get a bit more familiar with AI. If you’re an AI expert, know everything about it, and are only curious […]

New LogAnalysis with 109x speed The former version of SenseLog (which serves our robust LogAnalysis module) has processed the files at the start and observed them if there were any changes in them. It has used a lot of sources for the dates in the log rows. In this version it was necessary because SenseLog […]

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern […]

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were […]