Akamai
Security Intelligence
& Threat Research
Subscribe
Music to Hack To: My First CVE and 20 Years of Vulne ...
October is National Cyber Security Awareness Month (NCSAM). I've been doing security and vulnerability research since 1994, and a lot has changed in the industry. For this post, in honor of NCSAM, I'm going to revisit my first CVE (Common Vulnerabilities and Exposures), and offer some general observations and stories from the past.
State of the Internet/ Security: You Can't Solo Secu ...
We all know that security touches virtually every vertical and impacts our daily lives. But the topic of games, and the gaming industry, is near and dear to the SOTI team's hearts. Many on our team are gamers, and this year, the gaming world has been more than just a place to pass time and build worlds - it's been a way to keep the feeling of community alive.
Ransom Demands Return: New DDoS Extortion Threats Fr ...
Update 08/24/2020 As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce. In addition to the information in our previous advisory, we can confirm that we're now seeing attacks peak at almost 200 Gb/sec, utilizing ARMS, DNS Flood, GRE Protocol Flood, SNMP Flood, SYN Flood, and
Question Quiz - The Forgotten Scam
Overview Over a year ago, Akamai's threat research team published research regarding a widely-used phishing toolkit we referred to as the "Three Question Quiz". It's now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.
State of the Internet / Security: Special Media Edit ...
This blog post was six months in the making. Sometimes you make plans. Sometimes those plans get pushed to the side, torn up, and thrown into the wind. That's what happened with this issue of our report.
Stealthworker: Golang-based brute force malware stil ...
By: Larry Cashdollar Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by Fortinet in October that same year. Written in Golang, the malware is called Stealthworker. Once a system is successfully infected, the attackers will use it to probe other targets in
Watch Your Step: The Prevalence of IDN Homograph Att ...
The internationalized domain name (IDN) homograph attack is used to form domain names that visually resemble legitimate domain names, albeit, using a different set of characters [1]. For example, the IDN "xn--akmai-yqa.com" which appears in unicode as "akámai.com" visually resembles the legitimate domain name "akamai.com". Attackers often apply IDN homograph attacks to form domain names that are used for malicious purposes, such as malware distribution [2] or phishing [3], while
Contributing to the Verizon Data Breach Investigatio ...
I remember sitting down to "crack the cover" of the very first Verizon Data Breach Investigation Report (DBIR) a lifetime ago. I was the security manager of a small hosting company and the report was the first time I'd ever seen a real, data driven effort to quantize breaches and the security problems we were facing daily. It was the first time we had real data, rather than theories, opinions
SaltStack Vulnerabilities Actively Exploited in the ...
On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability.