Cyberveille, curated by Decio
20 results tagged akamai
DigiEver Fix That IoT Thing! https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing
20/12/2024 09:36:53
  • A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware.

  • The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024.

  • The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT.

  • The malware is a Mirai variant that has been modified to use improved encryption algorithms.

  • We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.

akamai EN 2024 mirai DigiEver DS-2105 Pro DVR vulnerability
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai https://www.akamai.com/blog/security-research/2024-december-windows-ui-automation-attack-technique-evades-edr
14/12/2024 11:04:20
  • Akamai security researcher Tomer Peled explored new ways to use and abuse Microsoft's UI Automation framework and discovered an attack technique that evades endpoint detection and response (EDR).

  • To exploit this technique, a user must be convinced to run a program that uses UI Automation. This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more.

  • Detection of this technique is challenging in several ways, including for EDR. All EDR technologies we have tested against this technique were unable to find any malicious activity.

  • This technique can be used on every Windows endpoint with operating system XP and above.

  • In this blog post, we provide a full write-up on how to (ab)use the UI Automation framework (including possible attacks that could leverage it) and we present a proof of concept (PoC) for each abuse vector we discuss. We also provide detection and mitigation options.

akamai EN 2024 Microsoft abuse automation-framework UIAutomation technique
Anonymous Sudan Takedown: Akamai's Role https://www.akamai.com/blog/security-research/2024/oct/anonymous-sudan-takedown-akamai-role-ddos
18/10/2024 11:37:15

The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.

akamai EN 2024 DOJ US Anonymous-Sudan Takedown
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
29/08/2024 16:36:22
  • The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT.

  • CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE).

  • Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020.

  • We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.

akamai EN 2024 botnet Mirai AVTECH zero-day vulnerability CCTV CVE-2024-7029
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE https://www.akamai.com/blog/security-research/2024/aug/2024-august-apache-waf-proactive-collaboration-orange-tsai-devcore?ref=news.risky.biz
12/08/2024 19:58:53
  • In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers.

  • Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched.

  • Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers.

  • App & API Protector customers who are in automatic mode have existing and updated protections.

akamai OrangeTsai EN 2024 DEVCORE vulnerabilities Apache httpd CVE-2024-38475 CVE-2024-38472 CVE-2024-39573 CVE-2024-38477
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack https://www.akamai.com/blog/security/akamai-blocked-419-tb-of-malicious-traffic
08/08/2024 10:49:45

On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel.

The highly sophisticated, high-volume attack lasted almost 24 hours.

The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks.

Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.

Akamai EN 2024 Blocked DDoS high-volume attack
CVE-2024-4577 Exploits in the Wild One Day After Disclosure https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure
11/07/2024 09:04:42
  • The Akamai Security Intelligence Response Team (SIRT) has been monitoring activity surrounding CVE-2024-4577, a PHP vulnerability that affects installations running CGI mode that was disclosed in June 2024.

  • The vulnerability primarily affects Windows installations using Chinese and Japanese language locales, but it is possible that the vulnerability applies to a wider range of installations.

  • As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors.

  • The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig.

  • Akamai App & API Protector has been automatically mitigating exploits that target our customers.

  • In this blog post, we’ve included a comprehensive list of indicators of compromise (IOCs) for the various exploits we discuss.

akamai EN 2024 php mass-exploitation CVE-2024-4577
What a Cluster: Local Volumes Vulnerability in Kubernetes https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
18/03/2024 09:02:18
  • Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2.

  • The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.

  • This vulnerability can lead to full takeover on all Windows nodes in a cluster.

  • This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service.

  • In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.

akamai EN 2024 CVE-2023-5528 Kubernetes Windows vulnerability
InfectedSlurs Botnet Spreads Mirai via Zero-Days https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
29/11/2023 09:46:41

Akamai SIRT has uncovered two zero-day vulnerabilities that are being actively exploited to spread a Mirai variant in the wild. Read on for details and mitigation.

akamai EN 2023 Research Threat-Intelligence Mirai china-cat
InfectedSlurs Botnet Spreads Mirai via Zero-Days https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
22/11/2023 09:52:18

Akamai SIRT has uncovered two zero-day vulnerabilities that are being actively exploited to spread a Mirai variant in the wild.

akamai EN 2023 Research Threat-Intelligence botnet zero-day mirai china-cat
The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages | Akamai https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
09/10/2023 20:13:43

Akamai researchers have discovered a novel obfuscation technique that Magecart attackers are using to hide malicious code and infiltrate websites.

akamai EN 2023 magecart skimmer javascript 404
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection
15/09/2023 16:34:42

Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.

akamai EN 2023 Kubernetes command-injection vulnerability YAML rce remote-code-execution
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
05/06/2023 09:00:06

Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.

akamai EN 2023 Research Magecart skimmer campaign WP
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai https://www.akamai.com/blog/security-research/attackers-leverage-sample-exploit-wordpress-plugin
14/05/2023 17:20:39

The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code.

  • The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites.

  • Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors.

  • On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC).

  • Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up.

  • This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.

akamai EN 2023 XSS vulnerability WordPress plugin third-party-risk CVE-2023-30777
Magecart Attack Disguised as Google Tag Manager | Akamai https://www.akamai.com/blog/security/magecart-attack-disguised-as-google-tag-manager
20/02/2023 20:36:30

Magecart skimmers constantly evolve. Recent attacks aimed at stealing sensitive customer information illustrate the need for comprehensive security solutions.

akamai EN 2023 Magecart Page-Integrity-Manager in-browser-security PCI/DSS-compliance skimmers Magecart-attacks
Accidentally Crashing a Botnet https://www.akamai.com/blog/security-research/kmsdbot-part-two-crashing-a-botnet
15/01/2023 16:15:38

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.

akamai EN 2022 Security-Research Research Bot-Attacks DDOS Cyber-Security Kmsdbot botnet SIRT cryptomining crash malware
Largest European DDoS Attack on Record https://www.akamai.com/blog/security/largest-european-ddos-attack-ever
29/07/2022 10:18:04

The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.

Akamai DDoS EN 2022 report record Europe
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
09/03/2022 08:57:18

A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.

CVE-2022-26143 Akamai reflection amplification DDoS attacks EN 2022
UPnProxy: Eternal Silence https://www.akamai.com/blog/security/upnproxy-eternal-silence
11/02/2022 18:39:36

UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.

Akamai EN UPnProxy EternalSilence UPnP
FritzFrog: P2P Botnet Hops Back on the Scene https://www.akamai.com/blog/security/fritzfrog-p2p
11/02/2022 18:37:08

FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.

FritzFrog botnet EN Akamai