Akamai Security Intelligence & Threat Research

Recently by Larry Cashdollar

Larry Cashdollar

February 5, 2019 1:58 PM

Phishing Attacks Against Facebook / Google via Googl ...

When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally. This is an interesting attack, as it uses Google Translate, and targets multiple accounts in one go.

Larry Cashdollar

January 17, 2019 9:00 AM

ThinkPHP Exploit Actively Exploited in the Wild

While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it led me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a web framework by TopThink.

Larry Cashdollar

November 20, 2018 2:00 PM

jQuery File Upload Disclosure Due Diligence

After I disclosed the arbitrary file upload vulnerability in Blueimp's jQuery File Upload project in early October, I decided to investigate similar projects. I found a list of the top 20 jQuery file upload projects that listed both free open source and commercial repositories. I started to examine the code that didn't require a purchase, and found that the majority didn't provide a method to actually upload the file. They simply

Larry Cashdollar

October 30, 2018 9:00 AM

An Update on the jQuery-File-Upload Vulnerability

In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached out to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.

Larry Cashdollar

October 18, 2018 10:45 AM

Having The Security Rug Pulled Out From Under You

I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident of clear skies that I did not bring a rain jacket. It rained most of the week. This left me somewhat stranded in my hotel room with free Wi-Fi service

Larry Cashdollar

October 12, 2018 8:14 AM

An Examination of a Phishing Kit Dubbed Luis

There have been plenty of articles describing the structure of phishing emails and how to spot them. Less explored, however, are phishing websites: what they are, how they are used, and how users can protect themselves. We'll take a deep dive into a particular phishing website and the methods used in the author's attempt to avoid detection. While reading through my Twitter feed, I noticed a tweet from @WifiRumHam

Larry Cashdollar

August 3, 2018 10:06 AM

Defcon Expectations and Hopes

I recently attended Thotcon in Chicago, where I saw a presentation by Avishay Zawoznik called "V!4GR4 BotNet: Cyber-Crime, Enlarged". It describes the process by which a black hat used SQL injection to inject Viagra spam into vulnerable websites. The main takeaway was how compromised WordPress websites were used as webshells from which to operate the spam campaign. I originally was under the assumption that websites were

Larry Cashdollar

February 15, 2018 8:00 AM

Wordpress DoS Attack: CVE-2018-6389

Overview

On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service (DoS) attack impacting all 3.x-4.x versions of the WordPress content management platform. The vulnerability is currently unpatched and relies on a performance boosting feature in WordPress allowing JavaScript and style sheets to be loaded in bulk via a single request. The attack does not affect the Akamai platform, but it does affect any customers using

Larry Cashdollar

August 2, 2017 6:30 AM

Larry's Cabinet of Web Vulnerability Curiosities

One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities, looking for any interesting code tidbits in my box of WordPress toys. There are almost 50,000 WordPress plugins (at time of publication), and WordPress is the Content Management System (CMS) of choice for over 30 million