Akamai Diversity

The Akamai Blog

Bill Brenner

Bill Brenner

February 25, 2015 6:25 AM

DDoS Agents Target Joomla, Other SaaS Apps

A new attack threatens enterprises and Software-as-a-Service (SaaS) providers: chaotic actors using Joomla servers with a vulnerable Google Maps plugin installed as a platform to launch DDoS assaults. The attack technique was discovered by researchers from Akamai's Prolexic Security Engineering & Research Team (PLXsert), working alongside PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D). You can download the full advisory from Akamai's State of the Internet website for free.

Bill Brenner

Bill Brenner

February 24, 2015 8:26 AM

Akamai at RSA Conference 2015

Akamai security staff will be at RSA Conference 2015 in force, and some of us will be giving talks. A preview:

Bill Brenner

Bill Brenner

February 24, 2015 8:04 AM

SecureWorld Boston 2015: Schedule Change

Last week I told you about my speaking appearances at SecureWorld Boston March 4. There's one schedule change to tell you about:Instead of participating in a panel on emerging threats, I'll be on this panel instead:Protecting Your Data as it Roams, March 4 from 1:15-2:15 p.m. Today your data moves fast and across platforms. Security professionals are charged with protecting valuable information as it moves from data centers to employee

Bill Brenner

Bill Brenner

February 19, 2015 10:26 AM

BSides Boston Call for Papers

BSides Boston 2015 takes place Saturday, May 9 at Microsoft, and organizers have issued their call for papers. WHAT: Security BSides Boston 2015 Call for Presentations/Papers WHO: Your awesome 45 minute presentation on a security/tech/hacking topic. Marketing/advertising presentations will be rejected. WHEN: Deadline for submissions: March 1st midnight EST WHERE: 1 Cambridge Center, Cambridge, Massachusetts HOW (Format): Talk Title (under 10 words)200ish words abstract with links to any pertinent backup

Bill Brenner

Bill Brenner

February 19, 2015 6:51 AM

I'll Be Speaking at SecureWorld Boston

In two weeks I'll give a presentation and participate in a panel discussion at SecureWorld Boston 2015. The event takes place March 4-5 at the Hynes Convention Center. Akamai is a gold sponsor. My talk, March 4 from 8:30-9:15 a.m., is called "Attack Techniques and Defenses." I'll explain how the bad guys are targeting companies and how to fight back based on threat research and remediation techniques used by Akamai

Bill Brenner

Bill Brenner

February 17, 2015 6:46 AM

Security News for Feb. 17

A look at security news from around the Web. The Great Bank Heist, or Death by 1,000 Cuts? (KrebsonSecurity) A look at the Carbanak gang, which deployed malware via phishing scams to get inside of computers at more than 100 banks and steal upwards of USD $300 million -- possibly as high as USD $1 billion. Google Adds Grace Period for Software Developer to Fix Security Flaws (eWeek) In what

Akamai

Akamai

February 12, 2015 6:30 AM

Attackers Using New MS SQL Reflection Techniques

The bad guys are using a fairly new technique to tamper with the Microsoft SQL Server Resolution Protocol (MC-SQLR) and launch DDoS attacks. In an advisory released this morning, Akamai's Prolexic Security Engineering & Response Team (PLXsert) described it as a new type of reflection-based distributed denial of service (DDoS) attack. PLXsert first spotted attackers using the technique in October. Last month, researcher Kurt Aubuchon studied another such attack and

Bill Brenner

Bill Brenner

February 10, 2015 1:40 PM

Microsoft Security Patches for February 2015

Microsoft has released its February 2015 security bulletin. Windows, Internet Explorer, Group Policy and Office are among the affected items. The full patch matrix is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft

Bill Brenner

Bill Brenner

February 10, 2015 5:59 AM

Security Awareness Programs: Better Than Nothing

Awhile back, after we ran a post about SEA's phishing activities and DNS attacks, my old friend Dave Marcus -- director and chief architect of McAfee's Federal Advanced Program Group -- took issue with our advice that companies continue to push for better security awareness among employees and customers.