Learn about the widely used Java-based logging library Log4j and how its vulnerability and other capabilities presented a major opportunity to attackers.
Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally.
It?s no secret that the global pandemic increased opportunities for threat actors and cybercriminals to target financial services. Throughout 2020, scammers used the economic tension caused by COVID-19 ? the promise of financial assistance, the stress of financial hardship ? to target people across the globe via phishing attacks.
Log4Shell (CVE-2021-44228) is a remote code execution (RCE) vulnerability in the Apache-foundation open-source logging library Log4j. It was published on December 9, 2021, and then all hell broke loose. As Log4j is a common logging library for Java applications, it is highly widespread.
To me, Diversity & Inclusion means a new way of thinking and engaging with society. It seems to be one of the most popular phrases that every person sees on the internet every day. I have been appointed as an ambassador of D&I for Akamai?s Asia-Pacific Japan region, and have been learning the essential principles along with some of my colleagues for the past several months.
I decided to pursue a career in IT after working as a support engineer for internal employees as part of my very first job. It immediately opened my eyes to something that I found as interesting as I did shocking: Lots of people don?t understand information security ? and what?s more, they don?t protect their personal data.
The Log4Shell vulnerability is here to stay. There is a lot of speculation about the scope and true impact of the vulnerability: While many have labeled it ?severe,? information is limited on how widespread the risk is. In order to shed some light on the issue, Akamai Threat Labs is utilizing its visibility into numerous data centers worldwide to assess the actual risk Log4Shell poses to organizations.
With a comprehensive security stack, Akamai?s application security solutions defend your entire ecosystem from threats. But before you can reap the benefits that come with application security, you need to create a configuration with Akamai?s APIs. Our Developer Advocacy team is here to walk you through the process so you can achieve Infrastructure as Code ? or, as we like to call it here, Akamai as Code. Akamai as Code has the ability to support all the DevSecOps practices you know and love, such as automating repetitive tasks and streamlining configurations and workflows, along with reducing manual work and errors.
The series of vulnerabilities recently discovered in Log4j2 has shocked the internet. As part of our continuing research, on December 17, Hideki Okamoto from Akamai found and responsibly reported an additional denial-of-service (DoS) vulnerability, which was assigned as CVE-2021-45105.
Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider
Our new normal has ushered in the advent of hybrid events ? a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution running on the Akamai content distribution network (CDN), which is perfectly suited for interactive sports, interactive learning, and live commerce productions. We?re delighted that they have chosen to work with us to deliver the experience their clients have come to love.
Magecart skimmers are here to stay, and they?re becoming more sophisticated, more creative, and harder to detect. In this post, we reveal a new skimmer infrastructure that targets ecommerce sites all over the world with advanced methods of detection evasion and obfuscation.
Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.
See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.
We?re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated development environment (IDE). It allows you to make and validate critical changes to your configuration closer to your DevOps environment. Once you've updated and validated the configuration file in your IDE, you can easily push it back to the platform with PAPI or Akamai command-line interface (CLI).
One aspect of resilience on the internet is that things ? notably servers and resources ? move around. Sometimes moves are legitimate, such as when a popular site evolves from hosting their own website to moving to a cloud provider to using a CDN to handle the ever-increasing traffic. Sometimes the moves are not legitimate, such as when an attacker pretends to be an ecommerce or banking site and steals a user?s credentials upon login. How can the end user tell the difference between legitimate and not-so-legitimate moves?
What a year 2021 has been. Even as the world continues to re-open to various degrees, we?re still feeling the impact from 2020?s move to an almost completely virtual world. Many large companies are shifting to a hybrid model, mixing the ability to work from home with working in the office. Some are even offering their employees the opportunity to work remotely indefinitely. There is no denying that the way we work, bank, play, and relax has been impacted by COVID-19. Shouting ?pivot? may have shot into popular culture in the TV show Friends, but it?s a rallying cry that?s been revived in the 2020s by businesses, individuals, and criminals alike.
Wedia makes it possible for some of the world?s biggest companies to effectively manage, customize, and deliver their marketing assets. Akamai is delighted that this fantastic brand has chosen us to deliver a rich and engaging web experience for its customers while also ensuring the highest level of security for the great array of multimedia assets stored on their platform by a number of Fortune 500 companies.
Ina Christova
Checked
7 hours 24 minutes ago
Visit the Akamai Blog to learn more about what's going on in cybersecurity. Learn about our products and how we provide solutions to our customers.