The Akamai Blog

Last year, Akamai released research on obfuscation techniques being used by cybercriminals to create malicious JavaScript. The code is unreadable, un-debuggable, and as a result, much more challenging to analyze and detect.

Microsoft Bing today announced the rollout of IndexNow, a new protocol designed in conjunction with Yandex that can allow ?websites to easily notify search engines whenever their website content is created, updated, or deleted.? The goal is to reduce the amount of time it takes for search engines to discover and index website changes ? a process often measured in days and even weeks ? to mitigate traffic loss and the potential adverse effects on customers and even revenues.

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the data required to use advanced features in Adaptive Acceleration such as Script Manager, Automatic Server Push, and Automatic Preconnect.

Breaking news: we just completed an 850-user pilot with Akamai MFA. In this blog, the first in a series, I?ll explain why we switched to Akamai MFA, how we ran our pilot, and employee feedback so far. Check back for my next blog, when we?re midway through our global deployment. A burglar checks for open windows. Neglecting to lock just one is like leaving the door wide open. In the same way, cyber attackers look for the easiest user accounts to take over ? whether that?s network access credentials, email, on-premise applications, or cloud/SaaS applications. If they?re lucky, they can also use the stolen credentials to breach other systems, an action known as lateral movement.

On September 29, Ash Daulton, along with the cPanel Security Team, reported a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.29 to the Apache security team. The issue was fixed within two days, under CVE-2021-41773, and the patch was released on October 4. Apache urged to deploy the fix, as it is already being actively exploited.

Every day, Akamai?s Threat Research team tracks and mitigates phishing attack campaigns to help keep our customers ? and their reputations ? protected. Recently, they tracked an orchestrated attack campaign comprising more than 9,000 domains and subdomains, mainly targeting victims located in China. The phishing scam was abusing more than 15 high-profile and trusted brands spanning ecommerce, travel, and food & beverage industries. By using well-known brand names, the threat actors attempted to engage victims to participate in a quiz that, once completed, would result in winning an attractive prize. Akamai refers to this malicious modus operandi as a ?question quiz? phishing attack campaign.

DDoS and AppSec attacks impacting the ANZ region (Australia and New Zealand) have been in the headlines of late, with several high profile companies seeing prolonged outages and leading to speculation as to whether the region is being specifically targeted? Let?s take a closer look at the types of attack vectors and malicious activity we?ve seen focused on customers down under.

Think how many websites you visit or videos you stream. Do you check your bank account or transfer money, download apps, play music, share updates on social media, or use the internet for any of the thousands of other digital experiences it enables every day?

A lot has already been written about the Facebook outage earlier this week. In case you missed it (if that?s possible), Facebook, Facebook Messenger, Instagram, and WhatsApp were all down for several hours on Monday. Facebook provided an update on the cause of the outage late Monday, citing a configuration change on their backbone routers as the root cause, with additional details in a subsequent blog post.

Understand why it's important to refine your organization?s approach. See how to enact a security model that protects your business and enables growth.

As I took on the role of Chief Marketing Officer of Akamai earlier this year, I set out to inspire and challenge our teams to build an impactful global campaign that showcases not just what we do, but what we make possible. What quickly became clear is that to be authentic in talking about what we make possible, we first needed to get crystal clear on our why ? WHY our company exists, and what our greater impact on the world is.

October is here, and that means we are less than two months away from the busiest weekend of the year. Parts one and two of the Holiday Readiness blog series covered topics ranging from security checklists to disaster recovery strategies and flash crowd management. If you haven?t had a chance to review those topics and checklists, now is a critical time to start to ensure you are ready for the traffic rush the holiday season brings.

This post covers the details of CVE-2021-40683 (CVSS 6.5), the vulnerability impacting the Akamai Enterprise Application Access (EAA) Client running on Windows systems, for which Akamai has provided a patch to its customers.

Ransomware is everywhere. And the shift of workloads to the cloud and employees to work-from-home models has only expanded the attack surface, creating new opportunities for attackers to leverage. Companies need Zero Trust solutions that not only defend against threat actors gaining access to enterprise systems, but also mitigate the impact of infections that slip through the cracks.

What do hay storage, Akamai?s Edge Connect solution, and machine learning have in common? We use the serverless machine learning system to keep our hay storage safe and secure.

This week, Gartner released its new 2021 Magic Quadrant for Web Application and API Protection (WAAP) report, which replaces the Magic Quadrant for Web Application Firewalls (WAF) report, and Akamai has been named a Leader. Akamai was named a Leader in the four previous WAF Magic Quadrants.

See the most recent research from Amit Serper on a vulnerability in Autodiscover from Microsoft Outlook that affects credential leaks.

The TCP three-way handshake is one of the critical building blocks of the internet. It facilitates the smooth and consistent flow of information across and among different networks without compromising security.

New to the scene, monster-sized botnet M?ris is raising some eyebrows with giant requests per second (rps) attacks as shared by Cloudflare (17.2M rps, reported August 19), Yandex (peaking at 21.8M rps on September 5), and KrebsOnSecurity (2M rps on September 9). Some commentary came in on Slashdot, The Record, and The Hacker News.

The Accelerator Program, a flagship initiative of Akamai India?s Corporate Social Responsibility Trust, enables early-stage innovations for water conservation. Over the past two years, along with our mentoring partner, the International Center for Clean Water (ICCW; an initiative of the Indian Institute of Technology Madras), we onboarded two social innovators as Cohort 1 grantees: Ashoka Trust for Research in Ecology and the Environment and Foundation for Environmental Monitoring, and two social innovators as Cohort 2 grantees, SmartTerra and Jaljeevika.