What do hay storage, Akamai?s Edge Connect solution, and machine learning have in common? We use the serverless machine learning system to keep our hay storage safe and secure.
This week, Gartner released its new 2021 Magic Quadrant for Web Application and API Protection (WAAP) report, which replaces the Magic Quadrant for Web Application Firewalls (WAF) report, and Akamai has been named a Leader. Akamai was named a Leader in the four previous WAF Magic Quadrants.
The TCP three-way handshake is one of the critical building blocks of the internet. It facilitates the smooth and consistent flow of information across and among different networks without compromising security.
New to the scene, monster-sized botnet M?ris is raising some eyebrows with giant requests per second (rps) attacks as shared by Cloudflare (17.2M rps, reported August 19), Yandex (peaking at 21.8M rps on September 5), and KrebsOnSecurity (2M rps on September 9). Some commentary came in on Slashdot, The Record, and The Hacker News.
The Accelerator Program, a flagship initiative of Akamai India?s Corporate Social Responsibility Trust, enables early-stage innovations for water conservation. Over the past two years, along with our mentoring partner, the International Center for Clean Water (ICCW; an initiative of the Indian Institute of Technology Madras), we onboarded two social innovators as Cohort 1 grantees: Ashoka Trust for Research in Ecology and the Environment and Foundation for Environmental Monitoring, and two social innovators as Cohort 2 grantees, SmartTerra and Jaljeevika.
The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia.
Recently, there has been a plethora of UPX packed crypto-mining malware written in Golang targeting Linux systems and web applications popping up in the news. The malware?s primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they?ve been infected, these systems are then used to mine cryptocurrency. I?ve named the sample I examined for this post ?Capoae,? based on the code?s output to my terminal.
Recently Atlassian has disclosed a critical RCE (Remote Code Execution) vulnerability in its Confluence server and Data Center products (CVE-2021-26084), which might allow unauthenticated users to execute arbitrary code on vulnerable servers.
The Technical Enablement and Education team, part of Akamai?s Global Services organization, has won a coveted Brandon Hall Group Gold award for ?Best Customer Training Program,? for Akamai?s flagship customer training and enablement program, Akamai University.
I?m excited to announce our new all-inclusive Learning Hub as the single destination for all product learning resources at Akamai. This new Hub gives users the ability to choose the method of learning that suits them best, whether that?s reading through technical documentation, exploring our on-demand elearning modules and hands-on labs, or joining a community discussion.
In case you haven?t already been working with EdgeWorkers, it allows you to run JavaScript code across more than 4,200 locations for proximity to users and fast application response times.
With more and more application functionality moving to the edge, it?s increasingly important to ensure that each function is doing what it needs to do. A unit test runs code over each segment of your program, checking the input and output. These tests allow developers to check individual areas of a program to see where (and why) errors are occurring. Several frameworks allow you to easily run your tests, including popular frameworks like Jest, Mocha, Jasmine, and Cypress.
Welcome back to the Holiday Readiness blog series. We hope part one has kept you busy over the past month as you continue to improve your security posture. If you haven?t finished all of the security checklist items, don?t worry ? there is still time before Black Friday and Cyber Monday.
Passwords are the bane of users and security teams? lives. Despite years of security teams educating users about not using 123456 as a password, not recycling passwords across multiple personal and professional accounts, and implementing even more rigorous password rules and investments in password manager tools, these combinations of letters, numbers, and special characters remain a rich target for attackers.
Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so other researchers could use it too, and perhaps improve and expand upon the tool's capabilities as needed.
With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.
With 35 medals at stake, the last full day of competition during the games in Tokyo generated the highest video streaming traffic for 30-plus customers on the Akamai Intelligent Edge Platform. Medal matches for baseball, basketball, and soccer, along with several track and field finals, drove related traffic to 10 Tbps on Saturday, August 7.
HTTP Request Smuggling (also known as an HTTP Desync Attack) has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different implementations of the HTTP Standards, particularly within proxy servers and Content Delivery Networks (CDNs).These implementation differences with regard to how proxy servers interpret the construction of web requests have led to new request smuggling vulnerabilities. (Direct link to information on new vulnerability).
Within hours from the moment our in-house built fuzzer, hAFL1, started running ? it found a critical, CVSS 9.9 RCE vulnerability in Hyper-V?s virtual driver.
As I began my CSR Co-op position this year, I wanted to see up-close how a corporate foundation works. What I've found is that the work the Akamai Foundation does around the world is inspiring! Whether it's partnering with STEM educators, responding to the COVID-19 crisis, planning employee volunteerism efforts, or creating a hardship fund to support our community, what we do here has a positive impact across the globe. And, thanks to this co-op opportunity, I've been able to play a real part in driving this impact forward.
Caitlin Brightman
Checked
7 hours 32 minutes ago
Visit the Akamai Blog to learn more about what's going on in cybersecurity. Learn about our products and how we provide solutions to our customers.