Akamai Diversity

The Akamai Blog

Alex Balford

Alex Balford

June 15, 2021 6:30 AM

Platform Update: Akamai Boosts Edge Application Powe ...

Welcome to the Akamai Platform Update -- two days of new capabilities and innovations across our edge technology and security product portfolios. Today, we look at our edge technology products, which include edge computing, edge delivery (CDN), and other complementary products and services that help customers drive great digital experiences. Akamai is announcing new products and capabilities as part of the Platform Update to help customers build more powerful edge

Amol Mathur

Amol Mathur

June 14, 2021 9:00 AM

The Adaptive Security Engine -- A Quantum Leap Forwa ...

At Akamai, our mission is to make application and API security highly effective and easy. As part of that effort, we are excited to announce the Adaptive Security Engine -- a new core technology powering Akamai's application and API protection offerings, designed to enable a hands-off approach to protecting web applications and APIs with the highest degree of confidence. Our North Star while architecting the new engine was to give

Charlie Gero

Charlie Gero

June 7, 2021 12:00 PM

Trusting Locations Bites Us Yet Again

Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020. Thankfully, this latest attempt was not as impactful as those in the past. It was discovered early on and largely mitigated through several protections. However, as I read through the security briefing, two things stand out. First, Nobelium

Josh Johnson

Josh Johnson

June 3, 2021 10:00 AM

Now Available: EdgeKV Distributed Key-Value Store

We're excited to announce the availability of EdgeKV, a distributed key-value store database that enables EdgeWorkers to leverage data stored at the edge when deploying custom code across our serverless computing platform. This solution is fully distributed, meaning it runs in 1,400+ networks and in 135 countries. As more application functionality moves to the edge, quick access to data will be critical to ensuring low latency and great user experience.

Tom Emmons

Tom Emmons

June 1, 2021 12:00 PM

The Rapid Resurgence of DDoS Extortion (That Didn't ...

Just when we thought DDoS extortion was fading into the rearview mirror, it's time to circle up the trucks again (gas tanks full). Starting last week and rapidly accelerating, we began seeing in our data and hearing firsthand from organizations about a new wave of extortion activity -- new Bitcoin demands; new threat actor names; and new attacker tactics, techniques, and procedures (TTPs). Perhaps the rapid resurgence in DDoS extortion

Akamai

Akamai

June 1, 2021 9:00 AM

How Enigmo Moved Logic from Client to Origin to Edge ...

By: Hideki Ito Enigmo owns BUYMA, a Japanese fashion C2C marketplace that helps people buy and sell high-quality goods from overseas on www.buyma.com. BUYMA has 8.21 million members and deals with 5.62 million items across 140,000 fashion brands. Its website uses EdgeWorkers to manipulate cookies, a typical use case at the edge. In 2020, Enigmo decided to use EdgeWorkers for dynamic content delivery. Previously, it set cookies at an origin

Akamai

Akamai

June 1, 2021 8:00 AM

SOGo and PacketFence Impacted by SAML Implementation ...

Part of Akamai's incident management process for vulnerabilities in third party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted Akamai's Enterprise Application Access (EAA) platform, incident responders assessed the impact on other Akamai software including the code maintained by Inverse, who Akamai recently acquired. During the impact review of Inverse, we

Akamai

Akamai

June 1, 2021 8:00 AM

Akamai EAA Impersonation Vulnerability - A Deep Dive

In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our companion report. Overview In this section, we will walk you through the history and anatomy of this vulnerability. Some

Akamai

Akamai

June 1, 2021 8:00 AM

SAML Implementation Vulnerability Impacting Some Aka ...

This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup Language Version 2 (SAMLv2, referred to as SAML in this document) to authenticate users. Following the initial notification from a third party, Akamai engineers identified that the