Akamai Diversity

Akamai Security Intelligence
& Threat Research

Jonathan Respeto

Jonathan Respeto

March 20, 2019 7:00 AM

Continuous Training with CTF's

Akamai Engineering Culture Akamai is an environment fueled by the desire to learn and improve. There are open engineering and training courses, wikis, live training sessions, as well as engineer lead lecture series. Most importantly there is a strong culture around continued personal and professional development. The Security Operations Control Center (SOCC), for example, has a continuous training program where team members are given a full day, every week, dedicated

Larry Cashdollar

Larry Cashdollar

February 5, 2019 1:58 PM

Phishing Attacks Against Facebook / Google via Googl ...

When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally. This is an interesting attack, as it uses Google Translate, and targets multiple accounts in one go.

Akamai InfoSec

Akamai InfoSec

January 22, 2019 9:00 AM

InfoSec experiment - Letting the CAT out of the bag

By Lukasz Orzechowski If you work on an Information Security team that gets customer questionnaires, you're likely familiar with Vendor Security Risk Assessment templates. We all care about information safety, and it is natural for our customers to want to check how well we are aligned with what they require internally, or with industry standards. We get a lot of questions and addressing them is our bread and butter. One

Larry Cashdollar

Larry Cashdollar

January 17, 2019 9:00 AM

ThinkPHP Exploit Actively Exploited in the Wild

While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it lead me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a web framework by TopThink.

Or Katz

Or Katz

December 14, 2018 8:00 AM

Quiz Phishing: One Scam, 78 Variations

Overview Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as its been used in many phishing campaigns in recent years. Our goal here is to present new insights on the evolution and scale of usage of the

Ryan Barnett

Ryan Barnett

November 27, 2018 7:05 AM

Protecting Your Website Visitors from Magecart: Trus ...

There have been many news reports recently which outline how cyber criminals have successfully injected credit card skimming JavaScript code into the checkout process pages of various websites. Dubbed Magecart, these attacks refer to a number of threat actors who are using similar tactics to skim customer data from e-commerce websites. While Magecart is the current threat example, the larger threat is that of malicious JavaScript skimmer code. This blog

Akamai SIRT Alerts

Akamai SIRT Alerts

November 16, 2018 10:17 AM

Scanning Akamai's Edge Servers for Vulnerabilities, ...

By, Kaan Onarlioglu Continuous monitoring of the Akamai Edge Platform for security vulnerabilities is an integral part of all engineering efforts at Akamai. In addition to our internal vulnerability management program, we engage with third-party assessors to periodically perform external scans of our systems since this is required for compliance with security standards such as PCI DSS and FedRAMP.

Larry Cashdollar

Larry Cashdollar

October 30, 2018 9:00 AM

An Update on the jQuery-File-Upload Vulnerability

In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.

Larry Cashdollar

Larry Cashdollar

October 18, 2018 10:45 AM

Having The Security Rug Pulled Out From Under You

I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident of clear skies that I did not bring a rain jacket. It rained most of the week. This left me somewhat stranded in my hotel room with free Wifi service