Akamai Security Intelligence & Threat ResearchSubscribe
Scanning Akamai's Edge Servers for Vulnerabilities, ...
By, Kaan Onarlioglu Continuous monitoring of the Akamai Edge Platform for security vulnerabilities is an integral part of all engineering efforts at Akamai. In addition to our internal vulnerability management program, we engage with third-party assessors to periodically perform external scans of our systems since this is required for compliance with security standards such as PCI DSS and FedRAMP.
What were the DDoS numbers for Q2 & Q3 2018?
We heard your feedback. First of all, the numbers that everyone is most interested in: There were 2,057 DDoS attacks in the Q1 of 2018, 1839 attacks in Q2 and 2,367 attacks in Q3, for a total of 6,263 DDoS attacks as of September 30th, 2018. Now that's out of the way, the next most important thing to acknowledge is about our reporting period. In the last State of the
An Update on the jQuery-File-Upload Vulnerability
In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.
Having The Security Rug Pulled Out From Under You
I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident of clear skies that I did not bring a rain jacket. It rained most of the week. This left me somewhat stranded in my hotel room with free Wifi service
An Examination of a Phishing Kit Dubbed Luis
There have been plenty of articles describing the structure of phishing emails, and how to spot them. However, less explored, are phishing websites - what they are, how they are used, and how users can protect themselves. We'll take a deep dive into a particular phishing website and the methods used in the author's attempt to avoid detection. While reading through my Twitter feed, I noticed a tweet from @WifiRumHam
Security Response Headers: What They Are, Why You Sh ...
Security response headers are a critical security capability that all organizations should consider. This blog post is the first in a series that will discuss different security headers and go in-depth with how to configure them for maximum benefit. For cyber criminals, attacking a web application directly is not the only option available. They also have the ability target other users of the system in order to steal their information,
Capturing the HackerOne Flag
by Daniel Abeles & Shay Shavit HackerOne is a bug bounty platform that allows hackers around the world to participate in bug bounty campaigns, initiated by HackerOne's customers. Recently, HackerOne announced they would be hosting a special live hacking event in Buenos Aires along side a week long security conference, Ekoparty 14. In order to participate the special event, you either have to be a top ranked hacker on their
State of the Internet Security - Credential Stuffing
Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to login to a site with stolen or randomly created login information, isn't a new phenomenon, but it is one that is having a growing impact, especially on financial services organizations. Our latest report takes a deeper look at
Root KSK Roll: Replacing the Root of Trust for the D ...
By Tim April -------- Update (Sept. 17, 2018): On Sunday, September 16th, the ICANN Board adopted a resolution instructing the ICANN Organization to continue the Root KSK Roll as planned, switching the Root KSK at 1600 UTC on October 11, 2018. --------- On October 11, 2018 -- for the first time ever -- the Root Key Signing Key (Root KSK), that is the single root of trust used to verify