The Akamai Blog Subscribe
Planning for the end of 2016: a leap second and the ...
New Year's Eve is typically in the depth of end-of-year change freezes for most IT organizations. At the end of 2016, however, two major events will be occurring right at the end of the year: a leap second and the final end of browser support for SHA-1 TLS certificates. Both of these changes have the potential to break software systems and applications. Significant preparation, planning, and testing ahead-of-time can significantly
Dyn DDoS Attack: Wide-Spread Impact Across the Finan ...
The recent DDoS attack against the Dyn DNS service resulted in major impact across the financial services industry, and provides us an example to better understand the technology risks and the lessons learned from this attack. In the first of this two part blog, we will examine the impact that the attack had on banks, insurance companies, and other firms in the industry. In Part 2, we'll dig into some
Multiple SQL Injections in Three Joomla Extensions b ...
Earlier this month, I found myself thinking about some vulnerabilities I discovered with my intern, Elitza Neytcheva, while demonstrating vulnerability research. I realized I only gave the code a nominal review, only partially analyzing and tracing the execution paths to exploit the XSS and SQL injection that Elitza and I initially found. We looked at about 5% of the overall extensions code. I figured it could use a second deeper
Keeping an Eye on Credential Abuse Attacks
Akamai Edge conference is here and I'm really excited to share some of my insights and thoughts about credential abuse attacks in my session "Akamai Threat Research into Credentials Abuse". Credential abuse attacks become a common disturbing threat in recent years, a successful credential abuse attack campaign can result with a potential damage that include losing access and control over the accounts, data breach and even fraudulent transactions.
Akamai Undergoes SOC 2 Assessment: Adding a Service ...
Akamai completed its first assessment against the SOC 2 standard this summer, and has released its first report on compliance under NDA. What is the SOC 2? The SOC (Service Organization Controls) 2 is a security standard aimed at Service Organizations. The SOC 2 is developed and maintained by the AICPA (American Institute of CPAs),which breaks goals for secure operations into 5 different categories called trust principles. The trust principles
Who is cyber-attacking my country?
You. And if not you, surely some of your fellow compatriots are. With a notable exception, but I'll come to this later in the article. For forensic purposes, determining the origin country IPs involved in DDoS attacks -called 'zombies'- helps to determine who and where the victim is, but tells nothing about the location where the actual attacker sits, since those zombies, usually well distributed geographically speaking, have been infected
When Things Attack
Researchers at Akamai have been monitoring the growth of attacks leveraging Internet of Things (IoT) devices. These attacks are coming from compromised devices of various sorts. Akamai works hard to protect our customers and users from these attacks. With other, non-IoT types of devices (including general purpose computers), owners can patch or reconfigure their systems to close vulnerabilities. In the Internet of Things, device owners are often at the mercy
620+ Gbps Attack - Post Mortem
On Tuesday, September 20, Akamai successfully defended against a DDoS attack exceeding 620 Gbps, nearly double that of the previous peak attack on our platform. That attack and the recent release of the Mirai source code have generated a lot of interest in, and speculation about, the role of IoT devices in DDoS attacks. For several months, Akamai researchers have been looking into the code that is now known as
Akamai acquires enterprise secure access innovator S ...
Providing employees with secure access to enterprise applications deployed behind the firewall is a core requirement for all businesses. Increasingly, businesses must also deal with delivering third-party access to critical applications whether hosted in the public cloud or a private data center.