Akamai Diversity

The Akamai Blog

Tom Emmons

June 1, 2021 12:00 PM

The Rapid Resurgence of DDoS Extortion (That Didn't ...

Just when we thought DDoS extortion was fading into the rearview mirror, it's time to circle up the trucks again (gas tanks full). Starting last week and rapidly accelerating, we began seeing in our data and hearing firsthand from organizations about a new wave of extortion activity -- new Bitcoin demands; new threat actor names; and new attacker tactics, techniques, and procedures (TTPs). Perhaps the rapid resurgence in DDoS extortion

Akamai

June 1, 2021 8:00 AM

SOGo and PacketFence Impacted by SAML Implementation ...

Part of Akamai's incident management process for vulnerabilities in third-party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted Akamai's Enterprise Application Access (EAA) platform, incident responders assessed the impact on other Akamai software, including the code maintained by Inverse, which Akamai recently acquired. During the impact review of Inverse, we

Akamai

June 1, 2021 8:00 AM

Akamai EAA Impersonation Vulnerability - A Deep Dive

In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our companion report. Overview In this section, we will walk you through the history and anatomy of this vulnerability. Some

Akamai

June 1, 2021 8:00 AM

SAML Implementation Vulnerability Impacting Some Aka ...

This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup Language Version 2 (SAMLv2, referred to as SAML in this document) to authenticate users. Following the initial notification from a third party, Akamai engineers identified that the

Jim Black

May 21, 2021 6:00 AM

Why FIDO2 Is the Answer to Better Security

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President Biden acknowledged that the United States and many other governments around the world are facing increasing malicious cyberattacks. In order to prevent, and recover

Hitoshi Kaneko

May 12, 2021 9:00 AM

Visualize and Analyze Bots with Real User Monitoring

You interact with more than just customers on your website. Bots make up a disproportionate amount of traffic, which can skew human behavior analysis data -- and cause you to make the wrong business decisions. In fact, one Akamai customer with 30% of total traffic from bots noticed a huge gap in business metrics like bounce and conversion rates. Since human and bot behaviors are unique, you need to analyze

Ian Munford

May 6, 2021 9:00 AM

Defeating the Pirates

In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft (aka "piracy") is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries. The paper explored how piracy strategically impacts the industry, how the various financially motivated criminal groups operate, and why many seemingly law-abiding people still continue to participate in what is often perceived as a victimless crime. Despite

Mick Higgins

April 29, 2021 9:00 AM

Anyone For a Smart Network Slice?

As with any standardization effort, development of 5G specifications accounted for numerous technology trends and new use cases. Network functions were designed for virtualization and automation to enhance operational efficiency and agility. At the same time, smart devices were in the midst of a steep ascent, and there was clear business value in new applications that took advantage of the optimized service characteristics of 5G, with somewhat cryptic names like

Shiran Guez

April 28, 2021 9:00 AM

Observed Changes to the Threat Landscape in 2020

Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to remote working practices and other environmental changes, cybercriminals ramped up their attacks. By following the trends, we will try to show the clear line of