Akamai Diversity

The Akamai Blog

Larry Cashdollar

Larry Cashdollar

February 15, 2018 8:00 AM

Wordpress DoS Attack: CVE-2018-6389

Overview On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service (DoS) attack impacting all 3.x-4.x versions of the Wordpress content management platform. The vulnerability is currently unpatched and relies on a performance boosting feature in Wordpress allowing Javascript and style sheets to be loaded in bulk via a single request. The attack does not affect the Akamai platform, but it does affect any customers using

AkamAI Research

AkamAI Research

February 13, 2018 9:00 AM

Humans, Machines and Data: Fighting Mirai, Together

By Yohai Einav, Hongliang Liu Background It's been 18 months since Mirai entered our lives, and, unfortunately, we expect it to have a perennial presence in our cyber-world for years to come. If we look at the big picture, all indicators suggest that the Mirai problem (and its descendants) is just going to increase, with the growing number of IoT devices in the world and the improvement in IoT hardware

Lorenz Jakober

Lorenz Jakober

February 1, 2018 7:11 PM

The days of VPNs are numbered

We have been talking about how it's time to re-evaluate giving full access to the corporate network for some time. In fact, Akamai's Sr. Director of Enterprise Security & Infrastructure Engineering talks about one of his core goals--No VPN--here. Over the last few days, I am sure many teams who are taking the No VPN route are even more thankful. The recent news about yet another patching fire drill--this time

Jim Black

Jim Black

January 26, 2018 9:00 AM

The New Cyber Landscape: More Threats, But Fewer Sec ...

Great news: If you're a security professional, your skills have never been more in demand. On the flip side, if you're looking for security talent, the search will likely be lengthy and difficult. ISACA predicts that by 2019 there will be a shortage of two million cyber security professionals globally. And in a survey released by ESG and ISSA in November 2017, 70% of respondents stated that security skills shortages

Jim Black

Jim Black

January 24, 2018 2:50 PM

Algorithms, Alerts, and Akamai Threat Intelligence

Let me start by posing a question: If in one week security solution A produces 120 alerts and security solution B produces 45 alerts, which solution is providing you with more effective protection? The answer is: It depends. On the face of it, solution A appears to be more effective because it's delivering more alerts than solution B. But what if solution A is actually delivering a considerable number of

Or Katz

Or Katz

January 19, 2018 1:33 AM

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week timeframe, we tracked thirty different domains with the same prefix: "holidaybonus{.}com". Each one advertised the opportunity to win an expensive technology prize - a free iPhone 8, PlayStation

AkamAI Research

AkamAI Research

January 17, 2018 12:55 PM

The Botconf Experience

By Yohai Einav, Amir Asiaee, Ali Fakiri-Tabrizi and Alexey Sarychev Originally Posted on January 4, 2018 Earlier this month we took our show on the road, presenting some of our team's work at the Botconf conference in beautiful Montpellier, France. We could talk here for hours about the food, wine, culture, etc., but it would probably be more plausible for our readers to learn about the current developments in the

AkamAI Research

AkamAI Research

January 9, 2018 6:57 AM

A Death Match of Domain Generation Algorithms

By Hongliang Liu and Yuriy Yuzifovich Originally posted on December 29, 2017 Today's post is all about DGA's (Domain Generation Algorithms): what they are, why they came into existence, what are some use cases where they are used, and, most importantly - how to detect and block them. As we will demonstrate here, the most effective defense against DGAs is a combination of traditional methods with modern machine intelligence.

Akamai InfoSec

Akamai InfoSec

January 4, 2018 3:40 PM

Impact of Meltdown and Spectre on Akamai

Overview On Wednesday, January 3rd, researchers from Google Project Zero, Cyberus Technology, Graz University of Technology, and other organizations released details about a pair of related vulnerabilities, dubbed Meltdown and Spectre. These vulnerabilities appear to affect all modern processors and enables malicious code to read sensitive portions of memory on nearly all systems, including computers and mobile devices. Akamai is aware of side-effects of "speculative execution", the core capabilities that