Get In Touch
Recently by Larry Cashdollar
I recently attended Thotcon in Chicago, where I saw a presentation by Avishay Zawoznik called, "V!4GR4 BotNet: Cyber-Crime, Enlarged". It describes the processes, by a black hat, that used SQL injection to inject Viagra spam into vulnerable websites. The main takeaway was that the speaker talked about how compromised wordpress websites were used as webshells to operate the spam campaign from. I originally was under the assumption that websites were
One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on Wordpress plugin vulnerabilities, and looking for any interesting code tidbits in my box of Wordpress toys. There are almost 50,000 wordpress plugins (at time of publication) and Wordpress is the Content Management System (CMS) of choice for over 30 million
I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox. Phishing Sites I noticed an increase in "free gift cards" and other e-commerce type offers in my spam email account around Black Friday the day after Thanksgiving, which
On February 23, 2017, Cloudflare released information on a bug that was disclosed by Google security researcher, Tavis Ormandy, in their content delivery network. The bug potentially exposed sensitive customer data to the Internet. Approximately 1 in every 3,300,000 HTTP requests may have contained potentially sensitive information. This information would normally be stored and cached by users and search engines as part of normal website sessions. This bug is similar
On December 29th, the United States Computer Emergency Readiness Team (US-CERT), in coordination with the FBI, released a document outlining recent attacks against US interests that have been attributed to the Russian government. To be clear, Akamai does not comment on the attribution of attacks. Rather we would like to inform our customers of what a reasonable, informed course of action should be regarding this new information.