The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections. Yesterday we told you about security risks that come into play when third-party plug-ins are used with WordPress. Today we look at attack vectors the bad guys favored in Q2.
The Q2 2015 State of the Internet - Security Report (SOTI Security) is due out in the next couple of weeks, and today we begin previewing various sections. Let's begin with the potential security risks that come into play when third-party plug-ins are used with WordPress. WordPress is the world's most popular website and blogging platform. Its ever-growing popularity makes it an attractive target for attackers who aim to exploit hundreds
This month we'll release the Q2 2015 State of the Internet Security Report. Tomorrow, we'll begin previewing sections of that report in this blog. But before we begin, a look back at the previous quarter's report is in order. Such a review will better position readers to digest the new report and do some comparing and contrasting. Every report highlights a new trend, but we also see things that don't change
To date, over a dozen Akamai customers have been the targets of DD4BC, a group of cyber attackers who use a series of politely worded, yet increasingly threatening email messages to extort a 25 Bitcoin ransom (approximately $5,750 in US dollars) in exchange for stopping attacks on the victims' sites, and the number of victims is increasing. DD4BC starts out with what they call "small demonstrative attacks" that will not crash
Earlier today (Aug 6, 2015) at the Black Hat Security Conference in Las Vegas, Bishop Fox, a security research and penetration testing firm, announced the discovery of a vulnerability that allows an outside actor to conduct a cross-site request forgery (CSRF)/Server-Side Request Forgery (SSRF) attack using a combination of exploits. This vulnerability relied on the Akamai platform in two ways: specially-crafted legacy resource locators (also called v1 ARLs) in combination
I was ready for a relaxing vacation on the Mexican Riviera Maya where the warm waters and cool drinks would provide the backdrop for a great week. Making the Internet fast, reliable and secure every day is demanding work so I was happy to temporarily leave my thoughts about Akamai at home, spend quality time with family, and sneak in a book that I've been wanting to read for a
Last night I watched an On Demand episode of The American Experience titled Blackout, which recounted the 1977 power failure in New York City and its lasting impact on the city due to widespread looting and destruction. With the power completely out, the operators at Con Ed got to work restoring power using a manual that was last updated after another massive blackout - in 1965.
Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours. Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6: BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS
Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as