The Akamai Blog

Learn about Discover and Announce, a 100% serverless application built on Akamai IoT Edge Connect, which can run entirely on the Akamai edge.

Akamai CTO Charlie Gero shows how the Log4j threat surface could extend to unpatchable embedded and IoT devices.

While containers offer speed and flexibility that have not been possible before in the data center, they are also exposed to security threats such as ransomware, cryptomining, and botnets.

Learn about the widely used Java-based logging library Log4j and how its vulnerability and other capabilities presented a major opportunity to attackers.

Explore some of the Akamai Abuse and Fraud Prevention team?s predictions for the future of abuse and fraud protection in 2022 and beyond.

Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally.

It?s no secret that the global pandemic increased opportunities for threat actors and cybercriminals to target financial services. Throughout 2020, scammers used the economic tension caused by COVID-19 ? the promise of financial assistance, the stress of financial hardship ? to target people across the globe via phishing attacks.

Log4Shell (CVE-2021-44228) is a remote code execution (RCE) vulnerability in the Apache-foundation open-source logging library Log4j. It was published on December 9, 2021, and then all hell broke loose. As Log4j is a common logging library for Java applications, it is highly widespread.

To me, Diversity & Inclusion means a new way of thinking and engaging with society. It seems to be one of the most popular phrases that every person sees on the internet every day. I have been appointed as an ambassador of D&I for Akamai?s Asia-Pacific Japan region, and have been learning the essential principles along with some of my colleagues for the past several months.

I decided to pursue a career in IT after working as a support engineer for internal employees as part of my very first job. It immediately opened my eyes to something that I found as interesting as I did shocking: Lots of people don?t understand information security ? and what?s more, they don?t protect their personal data.

The Log4Shell vulnerability is here to stay. There is a lot of speculation about the scope and true impact of the vulnerability: While many have labeled it ?severe,? information is limited on how widespread the risk is. In order to shed some light on the issue, Akamai Threat Labs is utilizing its visibility into numerous data centers worldwide to assess the actual risk Log4Shell poses to organizations.

With a comprehensive security stack, Akamai?s application security solutions defend your entire ecosystem from threats. But before you can reap the benefits that come with application security, you need to create a configuration with Akamai?s APIs. Our Developer Advocacy team is here to walk you through the process so you can achieve Infrastructure as Code ? or, as we like to call it here, Akamai as Code. Akamai as Code has the ability to support all the DevSecOps practices you know and love, such as automating repetitive tasks and streamlining configurations and workflows, along with reducing manual work and errors.

The series of vulnerabilities recently discovered in Log4j2 has shocked the internet. As part of our continuing research, on December 17, Hideki Okamoto from Akamai found and responsibly reported an additional denial-of-service (DoS) vulnerability, which was assigned as CVE-2021-45105.

Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider

Our new normal has ushered in the advent of hybrid events ? a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution running on the Akamai content distribution network (CDN), which is perfectly suited for interactive sports, interactive learning, and live commerce productions. We?re delighted that they have chosen to work with us to deliver the experience their clients have come to love.

Magecart skimmers are here to stay, and they?re becoming more sophisticated, more creative, and harder to detect. In this post, we reveal a new skimmer infrastructure that targets ecommerce sites all over the world with advanced methods of detection evasion and obfuscation.

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.

See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.