Get In Touch
Sometimes after looking at web application security, IoT botnets, and various malware I long for the pre-2000 hacking days. Where, instead of looking for XSS or SQL injection vulnerabilities, you would be hunting for server-side vulnerabilities. This summer, I was gifted an SGI Indy R5000. I'd mentioned on Twitter a while back that I'd love to have an IRIX system in my lab, since this was the system I'd discovered
December is typically a time where many people and businesses take a moment to reflect on everything that happened during the last 12 months. Everything - the good, the bad and the ugly.
Over the past two months, Akamai's threat research team has been closely monitoring a phishing campaign that impersonates the official Internal Revenue Service (IRS) website, and is requesting sensitive information, email addresses, and passwords.
Back in August, I wrote an article about XMR crypto mining software targeting x86/I686 systems. This is a follow-up to that original malware analysis. Previously, I discussed an attacker who, using known default login credentials, targets enterprise systems to mine the XMR cryptocurrency.
A group calling themselves "Cozy Bear" has been emailing various companies with an extortion letter, demanding payment and threatening targeted DDoS attacks if their demands are not met.
As mentioned in previous Akamai blogs, phishing is an ecosystem of mostly framework developers and buyers who purchase kits to harvest credentials and other sensitive information. Like many framework developers, those focusing on phishing kits want to create an efficient attack flow on their framework, from opening an email or clicking a link on a social media post, to visiting the phishing website, to completing the attack by sharing information,
This Halloween, the scariest thing you might encounter could be lurking on the device you're reading this on.
Recently, I noticed an interesting cryptomining script in my honeypot. It had all the usual checks for CPU and architecture type before downloading a binary. It even had the usual kill any processes that might be other cryptominers. However, what caught my eye was a one-line shell script that searched through .ssh/known_hosts and .ssh/id_pub.pub keys, in an attempt to infect other systems that might share SSH keys with the infected
While examining Akamai's network attack logs, I noticed an attack campaign leveraging Drupalgeddon2. Drupalgeddon2 is an unauthenticated remote code execution vulnerability (CVE-2018-7600) in the Drupal CMS platform that was patched in March 2018.