Akamai Diversity

The Akamai Blog

Akamai

Akamai

June 11, 2015 9:56 AM

OpenSSL Vulnerabilities (CVE-2015-1788 & CVE-2015-17 ...

Akamai is aware of a recently disclosed vulnerability in OpenSSL that can be exploited to perform denial of service attacks against any system which processes public keys, certificate requests, or certificates. The announcement for CVE-2015-1788 (discovered by Joseph Barr-Pixton and fixed by Andy Polyakov of the OpenSSL development team) and CVE-2015-1789 (discovered independently by Robert Swiecki and Hanno Böck) can be found here. The fix was developed by Emilia Käsper

Bill Brenner

Bill Brenner

June 4, 2015 4:16 PM

SOTI Security Series: Magnified View of DDoS Attack ...

In Akamai's most recent SOTI (State of the Internet) Security Report (Download the Q1 2015 report here), two areas of research focused on the most frequent attack types by target industry, and DDoS attack distribution between Q1 2014 and the same period a year later.Since the report's release, we've delved deeper into the data and came up with two charts showing a more granular view based on Fig. 1-4 and

Bill Brenner

Bill Brenner

June 2, 2015 12:15 PM

SOTI Security Series: Exploratory Data Analysis of a ...

By Richard Willey, Senior Program Manager - Adversarial ResilienceAkamai maintains a database that records information about different attacks it has observed.  The ongoing analysis of that database is captured each quarter in Akamai's State of the Internet Security Report. (Download the Q1 2015 report here.) But even after a report is released, researchers continue to dig deeper into the data and provide updates.To that end, this article describes an exploratory

Bill Brenner

Bill Brenner

June 2, 2015 8:21 AM

Akamai, Trustwave Form Strategic Alliance

Akamai has announced a new strategic alliance with Trustwave, designed to help businesses more effectively fight myriad threats through vulnerability assessment, denial-of-service prevention and incident response. From the press release: "Through this partnership, Akamai and Trustwave plan to make available to their respective customers select technology solutions and security services from each company's portfolio. The strategic relationship is intended to allow both companies to provide a broader set of cyber security

Bill Brenner

Bill Brenner

June 1, 2015 10:00 AM

Security Bulletin: Third-Party Plugins Ripe for Atta ...

In a new bulletin released this morning, Akamai researchers outlined a threat in which malicious actors use vulnerabilities in third-party plug-ins to target the large websites that utilize them. Such exploits require little technical skill and are highly effective. Instead of targeting a high-traffic website directly, attackers simply target the third-party advertising company, content network or provider used by the site. High-profile sites are common targets and their security posture

Or Katz

Or Katz

May 29, 2015 6:17 AM

Mobilizing SQL Injection Attacks: Same Pig, New Lips ...

In the past years we have seen an increase in distributed attacks against web applications. By using many attacking resources to target the same destination, attackers are obscuring their identity while boosting attack bandwidth, placing a greater challenge to defensive forces. Most of the distributed attacks use "volumetric" methods such as Distributed Denial of Service (DDoS) or brute force techniques such as "slow and low" to attack web applications.

Bill Brenner

Bill Brenner

May 26, 2015 6:37 AM

Podcast: Akamai CSO Andy Ellis on the Q1 2015 State ...

In this episode, State of the Internet Security Podcast host Bill Brenner chats with Akamai CSO Andy Ellis about the findings in Akamai's Q1 2015 State of the Internet - Security Report. Specifically, they discuss how: Q1 2015 set a record for the number of DDoS attacks observed across the PLXrouted and proxy mitigation platforms - more than double the number recorded in Q1 2014 - and a jump of

Bill Brenner

Bill Brenner

May 22, 2015 9:27 AM

Akamai Statement on the Logjam Vulnerability

In response to the Logjam vulnerability discussed in this disclosure, Akamai is continuing to analyze its production servers to determine if it supports the relevant Diffie-Hellman ciphers that would leave customers vulnerable to Logjam.We have determined that Akamai hosts on our Free Flow and Secure Content Delivery Networks are not vulnerable.  We do recommend customers check their origin. We also recommend that anyone using a web browser, running a server

Bill Brenner

Bill Brenner

May 19, 2015 5:29 AM

Q1 2015 State of the Internet Security Report Releas ...

Today we release the Q1 2015 State of the Internet Security Report. You can grab it here, but we've been previewing it for the last few weeks in the Akamai Blog:Q1 2015 SOTI Security Preview: 7 Attack VectorsIn this final preview before the report's release, we look at the most-used attack vectors for the quarter.Coming Soon: The Q1 2015 State of the Internet Security ReportAmong the Q1 2015 highlights:We saw