Akamai Diversity

Akamai Security Intelligence & Threat Research

October 2018 Archives

Larry Cashdollar

Larry Cashdollar

October 30, 2018 9:00 AM

An Update on the jQuery-File-Upload Vulnerability

In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.

Larry Cashdollar

Larry Cashdollar

October 18, 2018 10:45 AM

Having The Security Rug Pulled Out From Under You

I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident of clear skies that I did not bring a rain jacket. It rained most of the week. This left me somewhat stranded in my hotel room with free Wifi service

Larry Cashdollar

Larry Cashdollar

October 12, 2018 8:14 AM

An Examination of a Phishing Kit Dubbed Luis

There have been plenty of articles describing the structure of phishing emails, and how to spot them. However, less explored, are phishing websites - what they are, how they are used, and how users can protect themselves. We'll take a deep dive into a particular phishing website and the methods used in the author's attempt to avoid detection. While reading through my Twitter feed, I noticed a tweet from @WifiRumHam

Ryan Barnett

Ryan Barnett

October 11, 2018 7:33 AM

Security Response Headers: What They Are, Why You Sh ...

Security response headers are a critical security capability that all organizations should consider. This blog post is the first in a series that will discuss different security headers and go in-depth with how to configure them for maximum benefit. For cyber criminals, attacking a web application directly is not the only option available. They also have the ability target other users of the system in order to steal their information,

Daniel Abeles

Daniel Abeles

October 8, 2018 10:39 AM

Capturing the HackerOne Flag

by Daniel Abeles & Shay Shavit HackerOne is a bug bounty platform that allows hackers around the world to participate in bug bounty campaigns, initiated by HackerOne's customers. Recently, HackerOne announced they would be hosting a special live hacking event in Buenos Aires along side a week long security conference, Ekoparty 14. In order to participate the special event, you either have to be a top ranked hacker on their