Akamai Diversity

Akamai Security Intelligence & Threat Research

Recently by Larry Cashdollar

Larry Cashdollar

Larry Cashdollar

July 29, 2019 7:00 AM

Criminals using targeted Remote File Inclusion attac ...

In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits. The latest kit focuses on a large and well-known bank in the EU.

Larry Cashdollar

Larry Cashdollar

June 26, 2019 2:14 PM

SIRT Advisory: Silexbot bricking systems with known ...

On June 25th, I discovered a new bot named Silexbot on my honeypot. The bot itself is a blunt tool used to destroy IoT devices. Its author, someone who claims to be a 14-year-old boy from Europe, has made his intentions clear with some very distinct text embedded in the code.

Larry Cashdollar

Larry Cashdollar

June 13, 2019 11:17 AM

Latest ECHOBOT: 26 Infection Vectors

Introduction Since the release of the Mirai source code in October of 2016, there have been hundreds of variants. While publishing my own research, I noticed that Palo Alto Networks was also examining similar samples, and published their findings. Earlier this month, not too long after Palo Alto Networks published their report, I discovered a newer version of Echobot that uses 26 different exploits for its infection vectors. In some

Larry Cashdollar

Larry Cashdollar

June 5, 2019 8:00 AM

Identifying Vulnerabilities in Phishing Kits

While recently examining hundreds of phishing kits for ongoing research, Akamai discovered something interesting - several of the kits included basic vulnerabilities due to flimsy construction or reliance on outdated open source code. Considering the impact phishing kits have on the Internet and web hosting as a whole, the phrase "kicking someone when they're down" certainly come to mind.

Larry Cashdollar

Larry Cashdollar

April 1, 2019 10:09 AM

SIRT Advisory: Multiple Vulnerabilities in Magento

Summary Magento users should patch their systems to the fixed versions 2.3.1, 2.2.8 and 2.1.17 immediately due to multiple severe vulnerabilities disclosed in Magento on March 26, 2019.

Larry Cashdollar

Larry Cashdollar

February 5, 2019 1:58 PM

Phishing Attacks Against Facebook / Google via Googl ...

When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally. This is an interesting attack, as it uses Google Translate, and targets multiple accounts in one go.

Larry Cashdollar

Larry Cashdollar

January 17, 2019 9:00 AM

ThinkPHP Exploit Actively Exploited in the Wild

While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it lead me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a web framework by TopThink.

Larry Cashdollar

Larry Cashdollar

November 20, 2018 2:00 PM

jQuery File Upload Disclosure Due Diligence

After I disclosed the arbitrary file upload vulnerability in Blueimp's jQuery File Upload project in early October I decided to investigate similar projects. I found a list of the top 20 jQuery file upload projects that listed both free open source and commercial repositories. I started to examine the code that didn't require a purchase, and found the majority didn't provide a method to actually upload the file. They simply

Larry Cashdollar

Larry Cashdollar

October 30, 2018 9:00 AM

An Update on the jQuery-File-Upload Vulnerability

In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.