Akamai Diversity

Akamai Security Intelligence
& Threat Research

Akamai

Akamai

August 6, 2018 11:13 AM

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments which creates expensive processing within the Linux kernel. In preparation for the public disclosure of the vulnerability,

Larry Cashdollar

Larry Cashdollar

August 3, 2018 10:06 AM

Defcon Expectations and Hopes

I recently attended Thotcon in Chicago, where I saw a presentation by Avishay Zawoznik called, "V!4GR4 BotNet: Cyber-Crime, Enlarged". It describes the processes, by a black hat, that used SQL injection to inject Viagra spam into vulnerable websites. The main takeaway was that the speaker talked about how compromised wordpress websites were used as webshells to operate the spam campaign from. I originally was under the assumption that websites were

Akamai InfoSec

Akamai InfoSec

July 6, 2018 11:29 AM

DrupalGangster: An old threat actor trying to cash-i ...

Written by the Akamai Threat Research Team Akamai Threat Research has observed an increase in attacks attempting to exploit a recent Drupal vulnerability (CVE-2018-7600). Much like recent vulnerabilities in Apache Struts, attackers have attempted to use this exploit for remote command injection attacks and to harness the power of the botnet to join a herd of coin-miners for profit. While the attacker did not use a large number of machines

Akamai SIRT Alerts

Akamai SIRT Alerts

June 19, 2018 6:52 AM

Anonymous #OpIcarus2018

Written by Lisa Beegle OVERVIEW Operation #OpIcarus2018 has been announced and it encompasses several on-going campaigns, including #OpPayBack, #OpIcarus, #DeleteTheElite, and #SosNicaragua. The attack campaign(s) are being driven by actors using Anonymous iconography and ideological motives. These malicious actors have stated their intent to attack various banking institutions between June 21 through 28 2018. Targeted enterprises need to be on heightened alert leading up to these dates, as there are

Thanh Nguyen

Thanh Nguyen

May 2, 2018 5:28 AM

Domain Reputation System: building a large graph to ...

Why do we need a Knowledge Base system Let me start with an obvious statement: the Internet generates a lot of data. Every day we, Akamai's security research teams, see billions of DNS queries, millions of domains, and who knows how many IP addresses. This is an exciting thing, especially if you're a data scientist. In the past year, we have taken on a "simple task": to map the "dark

Ryan Barnett

Ryan Barnett

April 13, 2018 2:35 AM

The Dark Side of APIs, Part 2

Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai During its research into Credential Abuse attack campaigns, Akamai's threat research team conducted an analysis of web logins to gain insights into how widespread the adoption of API-based logins is and whether or not this trend also affects attackers and attack campaigns. It will come as no surprise that API-based logins are highly targeted by credential abuse attackers

Akamai SIRT Alerts

Akamai SIRT Alerts

April 9, 2018 10:30 AM

Universal Plug and Play (UPnP): What you need to kn ...

Universal Plug and Play (UPnP) is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a feature/vulnerability set that seems to be mostly forgotten could lead to continued problems in the future with DDoS, account takeover, and malware

Ryan Barnett

Ryan Barnett

April 3, 2018 9:00 AM

The Dark Side of APIs: Part 1, API Overview

Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai API Overview Application Programming Interfaces (API) are a software design approach which enables software and system developers to integrate with other systems based on a defined set of communication methods. APIs serve as software building blocks and allow for software reuse - essentially allowing fast development of new systems based on existing capabilities.

Daniel Abeles

Daniel Abeles

March 29, 2018 6:33 AM

What You Need To Know: "SNIPR" Credential Stuffing T ...

Overview Credential abuse (CA) is a trend that is here to stay. It affects almost every one of us. There are attackers trying to break into every online account and the vast majority of these attacks are happening silently in the background. In the past, credential abuse tools were written and distributed in closed forums and among air-gapped societies. Now, they are widely available; there is a highly active market