Get In Touch
A common defensive rule of information security is that once you detect an attack against your organization's Web applications, you must mitigate the attack by stopping it. In other words: "stop it once you can." But what if the rules of the defenders vs. attackers "game" have changed and the teams are not playing in the same league anymore? For example, here are some of the "game" changers from recent
On Jan. 28, 2016, OpenSSL released a new version of OpenSSL software. This release contains (among others) two potentially important security fixes to which we would like to draw your attention: SSLv2 does not block disabled ciphers (CVE-2015-3197) and DH small subgroups (CVE-2016-0701) Akamai would like to inform you that our customers are not vulnerable to these issues on our delivery platform, however, customers should confirm that their origin servers
The discussions among the insurance industry participants at Akamai's Edge conference this past October were fascinating. It was abundantly clear, that there are major shifts ahead that will set the course for where the industry is headed in the long-term. Although the insurance industry as a whole has been less agile, heavily burdened by legacy systems and is really one of the last data-driven businesses to realize a full digital
Your web application by default is accessible to the entire planet. This exposure can open your site up to unnecessary risk. Akamai's Request Control Cloudlet can quickly allow or deny access to website content based on the IP or Geography associated with an inbound request. For example, you may deny access to users in embargoed countries or allow it only to a specific region where your users live. Manage the
Health IT Security recently published the results of Akamai's latest State of the Internet report, emphasizing that "Distributed denial of services (DDoS) attacks are up during the third quarter of 2015, reinforcing the healthcare industry's growing concern for healthcare data security." They have hit on a very salient point here, because while many may think that healthcare providers are not likely targets of DDoS attacks, there are definite reasons why
By Rich Salz Akamai was informed of a new TLS vulnerability -- SLOTH -- by researcher Karthik Bharghaven. Akamai then worked with the researcher to confirm and fix the vulnerability in an expedient manner prior to public disclosure. Consequently, we minimized the chances of an exploit and have determined that Akamai customers are now not vulnerable to SLOTH.
Akamai's Threat Research Division has identified a sophisticated search engine optimization (SEO) campaign that uses SQL injections to attack targeted websites. An advisory on the subject, written by Ryan Barnett of the company's cloud security intelligence team, is available here.
By Larry W. Cashdollar, Akamai SIRT A few weeks ago I noticed a tweet from someone I have been following off and on for a few weeks. The tweet highlighted an exposed administration panel in a software product called Delegate. The Delegate software is described as, "a multi-purpose application-level gateway, or a proxy server which runs on multiple platforms (Unix, Windows and MacOS X)". What this software does is allow
It wasn't too long ago that the only reason a site would leverage HTTPS was to encrypt sensitive data so it couldn't be read in transit. Times are changing and the Internet as we know it is moving more and more towards encrypting all website traffic. Below are 7 good reasons to move your website to only use HTTPS.