Get In Touch
The Novel Coronavirus, and the resulting viral respiratory illness caused by it, COVID-19, is changing our world. As much as possible, people around the world are practicing social distancing. This means working remotely for a large number of people, possibly for the first time in their lives. From Akamai's view, these changes led to a 30% growth in Internet traffic in March, causing many people to ask if the Web
Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.
Overview Being a Content Delivery Network (CDN) platform, sometimes you can see fractions of attacks on the wire. In this blog, we will focus on phishing websites that, while not being delivered by the Akamai platform, are referring to or redirecting victims to pages that are on Akamai's platform.
Recruitment scams are a serious, but often overlooked risk to job seekers. Those responsible for these schemes often play on the victim's stress levels or professional ego, by using authority to offer something that could be life changing, often with large salaries. I've personally experienced a recruitment scam. In this post, we'll explore the scam that targeted me, and the steps I took that prevented me from becoming a victim.
Happy New Year! It's February now, so we've made, and most likely have broken, all of those New Year's Resolutions that we vowed to keep. As we look forward to the rest of 2020, the staff that produces the State of the Internet / Security report really only has one resolution -- evolve.
The Service Worker web API is a powerful new API for web browsers. During our research, we have found several ways attackers can leverage this API to enhance their low-to-medium risk findings into a powerful and meaningful attack. By abusing this API, an attacker can also leave his footprint in the victim's browser and potentially leak sensitive information. By the end of this post, you will have the basics
Summary On January 14, 2020, CERT CC published an advisory warning of the potential use of Content Delivery Networks (CDNs) to cache malicious traffic. Akamai acknowledges this issue and has been aware of similar research in the past. This advisory highlights a reflected XSS vulnerability in origin web applications that exists whether or not a CDN is involved, exacerbated by having responses cached. Site operators should be aware that HTTP
I recently had the opportunity to team up with three other security researchers (Brett Buerhaus, Cody Brocious (Daeken), Olivier Beg (Smiegles)) to examine the usage of PDF renders on the Internet.
Overview Thanksgiving in the United States is considered by many to mark a good time of year to gain insight into enterprise access and threats. From an enterprise point of view, Thanksgiving is when many American users will be on vacation, but may still working from home, in some capacity. It's interesting to see users' access patterns as they pertain to enterprise applications, such as email or other SaaS platforms,