Found 65 bookmarks
Custom sorting
DigiEver Fix That IoT Thing!
DigiEver Fix That IoT Thing!
  • A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024. The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT. The malware is a Mirai variant that has been modified to use improved encryption algorithms. We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.
·akamai.com·
DigiEver Fix That IoT Thing!
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai
  • Akamai security researcher Tomer Peled explored new ways to use and abuse Microsoft's UI Automation framework and discovered an attack technique that evades endpoint detection and response (EDR). To exploit this technique, a user must be convinced to run a program that uses UI Automation. This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more. Detection of this technique is challenging in several ways, including for EDR. All EDR technologies we have tested against this technique were unable to find any malicious activity. This technique can be used on every Windows endpoint with operating system XP and above. In this blog post, we provide a full write-up on how to (ab)use the UI Automation framework (including possible attacks that could leverage it) and we present a proof of concept (PoC) for each abuse vector we discuss. We also provide detection and mitigation options.
·akamai.com·
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai
Anonymous Sudan Takedown: Akamai's Role
Anonymous Sudan Takedown: Akamai's Role
The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.
·akamai.com·
Anonymous Sudan Takedown: Akamai's Role
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
  • The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
·akamai.com·
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
  • In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. * App & API Protector customers who are in automatic mode have existing and updated protections.
·akamai.com·
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.
·akamai.com·
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
  • The Akamai Security Intelligence Response Team (SIRT) has been monitoring activity surrounding CVE-2024-4577, a PHP vulnerability that affects installations running CGI mode that was disclosed in June 2024. The vulnerability primarily affects Windows installations using Chinese and Japanese language locales, but it is possible that the vulnerability applies to a wider range of installations. As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors. The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig. Akamai App & API Protector has been automatically mitigating exploits that target our customers. In this blog post, we’ve included a comprehensive list of indicators of compromise (IOCs) for the various exploits we discuss.
·akamai.com·
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
·akamai.com·
Largest European DDoS Attack on Record
UPnProxy: Eternal Silence
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
·akamai.com·
UPnProxy: Eternal Silence
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
·akamai.com·
FritzFrog: P2P Botnet Hops Back on the Scene
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
·akamai.com·
Largest European DDoS Attack on Record
UPnProxy: Eternal Silence
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
·akamai.com·
UPnProxy: Eternal Silence
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
·akamai.com·
FritzFrog: P2P Botnet Hops Back on the Scene
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
·akamai.com·
Largest European DDoS Attack on Record
UPnProxy: Eternal Silence
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
·akamai.com·
UPnProxy: Eternal Silence
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
·akamai.com·
FritzFrog: P2P Botnet Hops Back on the Scene
What a Cluster: Local Volumes Vulnerability in Kubernetes
What a Cluster: Local Volumes Vulnerability in Kubernetes
  • Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
·akamai.com·
What a Cluster: Local Volumes Vulnerability in Kubernetes
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
·akamai.com·
Largest European DDoS Attack on Record
UPnProxy: Eternal Silence
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
·akamai.com·
UPnProxy: Eternal Silence
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
·akamai.com·
FritzFrog: P2P Botnet Hops Back on the Scene
Largest European DDoS Attack on Record
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
·akamai.com·
Largest European DDoS Attack on Record