https://www.akamai.com/blog Akamai Security Intelligence and Threat Research Blog en Akamai Technologies https://www.akamai.com/blog/security/anatomy-of-a-syn-ack-attack Chad Seaman https://www.akamai.com/blog/security/anatomy-of-a-syn-ack-attack Tue, 01 Apr 2025 12:00:00 UTC Over the past week, Akamai Security Researchers have detected and analyzed a series of TCP reflection attacks, peaking at 11 Gbps at 1.5 Mpps, that were leveled against Akamai customers. The attack, amplified with a technique called TCP Middlebox Reflection, abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack. https://www.akamai.com/blog/security/tcp-middlebox-reflection Security Intelligence Response Team https://www.akamai.com/blog/security/tcp-middlebox-reflection Tue, 01 Mar 2022 13:38:00 UTC The series of vulnerabilities recently discovered in Log4j2 has shocked the internet. As part of our continuing research, on December 17, Hideki Okamoto from Akamai found and responsibly reported an additional denial-of-service (DoS) vulnerability, which was assigned as CVE-2021-45105. https://www.akamai.com/blog/security/akamai-reports-another-dos-inlog4j2 Akamai Threat Research Team https://www.akamai.com/blog/security/akamai-reports-another-dos-inlog4j2 Mon, 20 Dec 2021 18:30:57 UTC Recently, there has been a plethora of UPX packed crypto-mining malware written in Golang targeting Linux systems and web applications popping up in the news. The malware’s primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they’ve been infected, these systems are then used to mine cryptocurrency. I’ve named the sample I examined for this post ‘Capoae,’ based on the code’s output to my terminal. https://www.akamai.com/blog/security/capoae-malware-ramps-up-uses-multiple-vulnerabilities-and-tactics-to-spread Larry Cashdollar https://www.akamai.com/blog/security/capoae-malware-ramps-up-uses-multiple-vulnerabilities-and-tactics-to-spread Thu, 16 Sep 2021 13:00:00 UTC The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia. https://www.akamai.com/blog/security/kinsing-evolves-adds-windows-to-attack-list Evyatar Saias https://www.akamai.com/blog/security/kinsing-evolves-adds-windows-to-attack-list Thu, 16 Sep 2021 13:00:00 UTC Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so other researchers could use it too, and perhaps improve and expand upon the tool's capabilities as needed. https://www.akamai.com/blog/security/upx-packed-headaches Akamai SIRT https://www.akamai.com/blog/security/upx-packed-headaches Mon, 23 Aug 2021 04:00:00 UTC HTTP Request Smuggling (also known as an HTTP Desync Attack) has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different implementations of the HTTP Standards, particularly within proxy servers and Content Delivery Networks (CDNs).These implementation differences with regard to how proxy servers interpret the construction of web requests have led to new request smuggling vulnerabilities. (Direct link to information on new vulnerability). https://www.akamai.com/blog/security/http-2-request-smuggling Ryan Barnett https://www.akamai.com/blog/security/http-2-request-smuggling Thu, 05 Aug 2021 04:00:00 UTC On July 2, 2021, Kaseya disclosed an active attack against customers using its VSA product, and urged all on-premise customers to switch-off Kaseya VSA. Shortly before this alert, users on Reddit started describing ransomware incidents against managed security providers (MSPs), and the common thread among them was on-premise VSA deployments. In the hours to follow, several indicators of compromise (IOCs) were released, and Akamai was able to observe some of that traffic. A patch for the VSA product was released by Kaseya on July 11. https://www.akamai.com/blog/security/kaseya-supply-chain-ransomware-attack Ryan Barnett https://www.akamai.com/blog/security/kaseya-supply-chain-ransomware-attack Thu, 15 Jul 2021 04:00:00 UTC This is a write up of a NorthSec 2021 CTF problem I solved with Allan Wirth (@Allan_Wirth) as part of team SaaS which finished in 3rd. It was an extremely creative problem to solve so I wanted to share it here. https://www.akamai.com/blog/security/northsec-ctf-2021-write-up-impurity-assessment-form Samuel Erb https://www.akamai.com/blog/security/northsec-ctf-2021-write-up-impurity-assessment-form Tue, 22 Jun 2021 04:00:00 UTC When you hear the word "malware", the first thing that might come to your mind is a PC or laptop. You think about some weird advertising pop-ups or unrecognized processes running in the background. https://www.akamai.com/blog/security/what-a-funny-app-i-got-here Aleksandra Blaszczyk https://www.akamai.com/blog/security/what-a-funny-app-i-got-here Mon, 21 Jun 2021 04:00:00 UTC https://www.akamai.com/blog/security/thinkphp-exploit-actively-exploited-in-the-wild Larry Cashdollar https://www.akamai.com/blog/security/thinkphp-exploit-actively-exploited-in-the-wild Wed, 26 May 2021 04:00:00 UTC While examining my honeypot logs and digging through the newly downloaded binaries last week, I noticed a large compressed file. I figured it would be a crypto miner, typically a tar archive and gzip (normally erroneously) compressed. I moved the archive over to my test lab and started examining the contents. https://www.akamai.com/blog/security/romanian-crypto-mining-infection Larry Cashdollar https://www.akamai.com/blog/security/romanian-crypto-mining-infection Mon, 24 May 2021 04:00:00 UTC By the time you read this post, the 2021 Verizon Data Breach Investigation Report (DBIR) will be published. Akamai has been one of the many partners contributing data to this report for more than half a decade. We greatly value the time, effort, and dedicated data science that goes into providing this level of research to the security community. https://www.akamai.com/blog/security/partnering-with-verizon-on-the-2021-dbir Martin McKeay https://www.akamai.com/blog/security/partnering-with-verizon-on-the-2021-dbir Thu, 13 May 2021 04:00:00 UTC Tax scams are some of the oldest scams in a criminal's book, and they're highly attractive to criminals for many reasons. https://www.akamai.com/blog/security/two-years-of-tax-phishing-the-oldest-scam-in-the-book Or Katz https://www.akamai.com/blog/security/two-years-of-tax-phishing-the-oldest-scam-in-the-book Wed, 05 May 2021 04:00:00 UTC Criminals love tax season. The stress and urgency surrounding this time of year makes the victim pool highly vulnerable to various types of schemes. https://www.akamai.com/blog/security/tax-season-criminals-play-the-numbers-game-too Steve Ragan https://www.akamai.com/blog/security/tax-season-criminals-play-the-numbers-game-too Tue, 06 Apr 2021 04:00:00 UTC At Akamai, the Enterprise Security Red Team (ESRT) continuously strives to evaluate the security of both our external and internal services. https://www.akamai.com/blog/security/cve-2020-15915-quest-for-kace-blind-sqli Samuel Erb https://www.akamai.com/blog/security/cve-2020-15915-quest-for-kace-blind-sqli Fri, 26 Mar 2021 04:00:00 UTC Recent attacks against Akamai customers have leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP). https://www.akamai.com/blog/security/threat-advisory-dccp-for-ddos Chad Seaman https://www.akamai.com/blog/security/threat-advisory-dccp-for-ddos Tue, 23 Mar 2021 04:00:00 UTC There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language. I was correct. This one however, has some newer exploits it's using for proliferation. https://www.akamai.com/blog/security/another-golang-crypto-miner-on-the-loose Larry Cashdollar https://www.akamai.com/blog/security/another-golang-crypto-miner-on-the-loose Tue, 16 Mar 2021 04:00:00 UTC https://www.akamai.com/blog/security/now-launching-soti-research Amanda Goedde https://www.akamai.com/blog/security/now-launching-soti-research Wed, 10 Mar 2021 05:00:00 UTC Previously, I introduced the field of sensor systems architecture and posed a real world example scenario of the unnecessary resource costs and hazards that can happen when the deployment of sensors isn't carefully thought out. https://www.akamai.com/blog/security/sensor-architecture-can-help-keep-us-up-and-running-part-2 Kristin Nelson-Patel https://www.akamai.com/blog/security/sensor-architecture-can-help-keep-us-up-and-running-part-2 Tue, 09 Mar 2021 05:00:00 UTC In the constant press of rolling out ever better products and services to our customers, it can be easy-- and often necessary-- to fall into a reactive mode around reliability. https://www.akamai.com/blog/security/sensor-architecture-can-help-keep-us-up-and-running-part-1 Kristin Nelson-Patel https://www.akamai.com/blog/security/sensor-architecture-can-help-keep-us-up-and-running-part-1 Thu, 04 Mar 2021 05:00:00 UTC A colleague asked me to share my thoughts on building a "better team". I confess, I stumbled on the word "better". Better than what exactly? https://www.akamai.com/blog/security/better-or-more-effective Fadi Saba https://www.akamai.com/blog/security/better-or-more-effective Mon, 01 Mar 2021 05:00:00 UTC Having previously decided we need to make a new hire onto our team, part 1 of this series examined how to meet the needs of our team going into the future, instead of just adding surface visible technical skills. https://www.akamai.com/blog/security/optimizing-for-performance-one-hire-at-a-time-part-3 Kathryn Kun https://www.akamai.com/blog/security/optimizing-for-performance-one-hire-at-a-time-part-3 Thu, 25 Feb 2021 05:00:00 UTC A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It's a simple, yet effective, way to defeat takedown attempts. https://www.akamai.com/blog/security/bitcoins--blockchains--and-botnets Evyatar Saias https://www.akamai.com/blog/security/bitcoins--blockchains--and-botnets Tue, 23 Feb 2021 05:00:00 UTC I remember well my first day as a member of Akamai's InfoSec department. The Friday prior, I'd just completed the Akamai Technical Academy, a five-month crash-course in all things tech, and was now, on a cold but sunny Monday morning, joining InfoSec for their weekly staff meeting. Eager to make a good first impression, I took a seat at the large, crowded conference table, opened my notebook, and started to take notes. https://www.akamai.com/blog/security/out-of-my-depth-where-i-belong Guest Blogger https://www.akamai.com/blog/security/out-of-my-depth-where-i-belong Fri, 19 Feb 2021 05:00:00 UTC On 14 July, 2020, Oliver Hough, a security researcher from Cyjax, published a report centered on a phishing campaign targeting banking customers in the United Kingdom, which evades two-factor authentication (2FA). https://www.akamai.com/blog/security/massive-campaign-targeting-uk-banks-bypassing-2fa Or Katz https://www.akamai.com/blog/security/massive-campaign-targeting-uk-banks-bypassing-2fa Thu, 18 Feb 2021 05:00:00 UTC It's 2021, but the anxiety, fear, uncertainty, and stress caused by the COVID-19 pandemic in 2020 is very much alive today. https://www.akamai.com/blog/security/nhs-vaccine-scams-criminals-still-targeting-covid-19-anxiety Steve Ragan https://www.akamai.com/blog/security/nhs-vaccine-scams-criminals-still-targeting-covid-19-anxiety Thu, 11 Feb 2021 05:00:00 UTC It's a lot of fun to imagine and design the best team. As managers, it's rare that we get to build a team from the ground up and all at once. https://www.akamai.com/blog/security/optimizing-for-performance-one-hire-at-a-time-part-1 Kathryn Kun https://www.akamai.com/blog/security/optimizing-for-performance-one-hire-at-a-time-part-1 Wed, 10 Feb 2021 05:00:00 UTC During the COVID-19 pandemic, I wanted to extend the local WiFi in my home to reach all the floors. The goal was to have full connectivity from every location in the house. https://www.akamai.com/blog/security/command-injection-on-a-d-link-router Assaf Vilmovski https://www.akamai.com/blog/security/command-injection-on-a-d-link-router Tue, 09 Feb 2021 05:00:00 UTC A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads contain conditional words. https://www.akamai.com/blog/security/when-destiny-is-knocking-on-your-door-again-data-mining-cdn-logs Or Katz https://www.akamai.com/blog/security/when-destiny-is-knocking-on-your-door-again-data-mining-cdn-logs Wed, 27 Jan 2021 05:00:00 UTC When we write the SOTI and talk about attacks against gamers, we spend a good deal of time focusing on network-level events, such as DDoS and credential stuffing. https://www.akamai.com/blog/security/minecraft-players-are-targets-even-off-the-network Steve Ragan https://www.akamai.com/blog/security/minecraft-players-are-targets-even-off-the-network Tue, 26 Jan 2021 05:00:00 UTC This post will focus on the weaponization of a few of the exploits only, as Sarit and Ofir documented everything else. https://www.akamai.com/blog/security/what-happens-when-your-vulnerability-is-weaponized-for-botnet-proliferation Larry Cashdollar https://www.akamai.com/blog/security/what-happens-when-your-vulnerability-is-weaponized-for-botnet-proliferation Tue, 26 Jan 2021 05:00:00 UTC By Gal Bitensky, Executive Summary Link scanners are a critical component in multiple classes of security products including email security suites, websites that suggest direct inspection of a suspicious link, and others. Behind the scenes, these services use web clients... https://www.akamai.com/blog/security/evading-link-scanning-security-services-with-passive-fingerprinting Gal Bitensky https://www.akamai.com/blog/security/evading-link-scanning-security-services-with-passive-fingerprinting Wed, 09 Dec 2020 05:00:00 UTC 2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved... https://www.akamai.com/blog/security/phishing-summary-2020-trends-and-highlights Or Katz https://www.akamai.com/blog/security/phishing-summary-2020-trends-and-highlights Tue, 08 Dec 2020 05:00:00 UTC While recently looking over my honeypots, I discovered an infection where a malicious actor added a storefront on top of my existing WordPress installation. For background, this particular honeypot is a full instance of WordPress running on a Docker image.... https://www.akamai.com/blog/security/wordpress-malware-setting-up-seo-shops Larry Cashdollar https://www.akamai.com/blog/security/wordpress-malware-setting-up-seo-shops Fri, 20 Nov 2020 05:00:00 UTC While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off.... https://www.akamai.com/blog/security/catch-me-if-you-can-javascript-obfuscation Or Katz https://www.akamai.com/blog/security/catch-me-if-you-can-javascript-obfuscation Mon, 26 Oct 2020 04:00:00 UTC In terms of the Distributed Denial of Service (DDoS) landscape, 2020 was almost boring prior to the beginning of August. The excitement from the record peak Gbps and Mpps seen in early summer had worn off, and we weren't seeing... https://www.akamai.com/blog/security/ddos-extortion-examination Tom Emmons https://www.akamai.com/blog/security/ddos-extortion-examination Fri, 16 Oct 2020 04:00:00 UTC Update 08/24/2020 As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce. In addition to the... https://www.akamai.com/blog/security/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail Akamai SIRT https://www.akamai.com/blog/security/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail Mon, 17 Aug 2020 04:00:00 UTC By: Larry Cashdollar Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by... https://www.akamai.com/blog/security/stealthworker-golang-based-brute-force-malware-still-an-active-threat Larry Cashdollar https://www.akamai.com/blog/security/stealthworker-golang-based-brute-force-malware-still-an-active-threat Wed, 03 Jun 2020 04:00:00 UTC The internationalized domain name (IDN) homograph attack is used to form domain names that visually resemble legitimate domain names, albeit, using a different set of characters [1]. For example, the IDN https://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks Asaf Nadler https://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks Wed, 27 May 2020 04:00:00 UTC Introduction In our previous post, The Building Wave of Internet Traffic, we looked at the traffic patterns across Europe and the effect the COVID-19 pandemic has had. We examined traffic in Italy, Poland, and Spain, and demonstrated how we observed... https://www.akamai.com/blog/security/parts-of-a-whole-effect-of-covid-19-on-us-internet-traffic Martin McKeay https://www.akamai.com/blog/security/parts-of-a-whole-effect-of-covid-19-on-us-internet-traffic Wed, 29 Apr 2020 04:00:00 UTC The Novel Coronavirus, and the resulting viral respiratory illness caused by it, COVID-19, is changing our world. As much as possible, people around the world are practicing social distancing. This means working remotely for a large number of people, possibly... https://www.akamai.com/blog/security/the-building-wave-of-internet-traffic Martin McKeay https://www.akamai.com/blog/security/the-building-wave-of-internet-traffic Mon, 13 Apr 2020 04:00:00 UTC Overview Being a Content Delivery Network (CDN) platform, sometimes you can see fractions of attacks on the wire. In this blog, we will focus on phishing websites that, while not being delivered by the Akamai platform, are referring to or... https://www.akamai.com/blog/security/phishing-victims-from-a-cdns-point-of-view Or Katz https://www.akamai.com/blog/security/phishing-victims-from-a-cdns-point-of-view Tue, 10 Mar 2020 04:00:00 UTC Earlier this year, Akamai's Enterprise team tackled the problem of DGA detection in the wild by using Neural Networks, essentially creating a state-of-the-art solution for near online detection of DGA communication.... https://www.akamai.com/blog/security/tackling-dga-based-malware-detection-in-dns-traffic Yael Daihes https://www.akamai.com/blog/security/tackling-dga-based-malware-detection-in-dns-traffic Tue, 18 Feb 2020 05:00:00 UTC The Service Worker web API is a powerful new API for web browsers. During our research, we have found several ways attackers can leverage this API to enhance their low-to-medium risk findings into a powerful and meaningful attack. By... https://www.akamai.com/blog/security/abusing-the-service-workers-api Daniel Abeles https://www.akamai.com/blog/security/abusing-the-service-workers-api Mon, 20 Jan 2020 05:00:00 UTC Summary On January 14, 2020, CERT CC published an advisory warning of the potential use of Content Delivery Networks (CDNs) to cache malicious traffic. Akamai acknowledges this issue and has been aware of similar research in the past. This advisory... https://www.akamai.com/blog/security/http-cache-poisoning-advisory Akamai https://www.akamai.com/blog/security/http-cache-poisoning-advisory Mon, 13 Jan 2020 05:00:00 UTC A group calling themselves "Cozy Bear" has been emailing various companies with an extortion letter, demanding payment and threatening targeted DDoS attacks if their demands are not met.... https://www.akamai.com/blog/security/fake-cozy-bear-group-making-ddos-extortion-demands Akamai SIRT https://www.akamai.com/blog/security/fake-cozy-bear-group-making-ddos-extortion-demands Fri, 15 Nov 2019 05:00:00 UTC As mentioned in previous Akamai blogs, phishing is an ecosystem of mostly framework developers and buyers who purchase kits to harvest credentials and other sensitive information. Like many framework developers, those focusing on phishing kits want to create an efficient... https://www.akamai.com/blog/security/phishing-detection-via-analytic-networks Tomer Shlomo https://www.akamai.com/blog/security/phishing-detection-via-analytic-networks Wed, 06 Nov 2019 05:00:00 UTC Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made... https://www.akamai.com/blog/security/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps Jonathan Respeto https://www.akamai.com/blog/security/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps Wed, 18 Sep 2019 04:00:00 UTC I have been playing close attention to Internet of Things (IoT) malware targeting systems with Telnet enabled, while also collecting samples targeting systems with SSH enabled on port 22. I've collected over 650 samples landing in my honeypot within the... https://www.akamai.com/blog/security/xmr-cryptomining-targeting-x86i686-systems Larry Cashdollar https://www.akamai.com/blog/security/xmr-cryptomining-targeting-x86i686-systems Fri, 30 Aug 2019 04:00:00 UTC On Tuesday, August 13th at 10 AM Pacific Time (1700UTC), Netflix publicly disclosed a series of vulnerabilities found by Jonathan Looney that impact many implementations of the HTTP2 protocol. A vulnerability found by Piotr Sikora of Google was also released... https://www.akamai.com/blog/security/http2-vulnerabilities Akamai https://www.akamai.com/blog/security/http2-vulnerabilities Tue, 13 Aug 2019 04:00:00 UTC In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits.... https://www.akamai.com/blog/security/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns Larry Cashdollar https://www.akamai.com/blog/security/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns Mon, 29 Jul 2019 04:00:00 UTC Additional research and information provided by Asaf Nadler Recent changes to the Pykspa v2 domain generation algorithm (DGA) have made it more selective. Akamai researchers have tracked these changes and believe that part of the reason for selective domain generation... https://www.akamai.com/blog/security/pykspa-v2-dga-updated-to-become-selective Lior Lahav https://www.akamai.com/blog/security/pykspa-v2-dga-updated-to-become-selective Thu, 11 Jul 2019 04:00:00 UTC On June 25th, I discovered a new bot named Silexbot on my honeypot. The bot itself is a blunt tool used to destroy IoT devices. Its author, someone who claims to be a 14-year-old boy from Europe, has made his... https://www.akamai.com/blog/security/sirt-advisory-silexbot-bricking-systems-with-known-default-login-credentials Larry Cashdollar https://www.akamai.com/blog/security/sirt-advisory-silexbot-bricking-systems-with-known-default-login-credentials Wed, 26 Jun 2019 04:00:00 UTC https://www.akamai.com/blog/security/cloudtest-vulnerability-cve-2019-11011 Akamai InfoSec https://www.akamai.com/blog/security/cloudtest-vulnerability-cve-2019-11011 Sun, 16 Jun 2019 04:00:00 UTC Phishing is a multifaceted type of attack, aimed at collecting usernames and passwords, personal information, or sometimes both. Yet, these attacks only work so long as the phishing kit itself remains hidden. Phishing is a numbers game and time is... https://www.akamai.com/blog/security/catch-me-if-you-can-evasive-and-defensive-techniques-in-phishing Or Katz https://www.akamai.com/blog/security/catch-me-if-you-can-evasive-and-defensive-techniques-in-phishing Wed, 12 Jun 2019 04:00:00 UTC Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are... https://www.akamai.com/blog/security/bots-tampering-with-tls-to-avoid-detection Security Intelligence Response Team https://www.akamai.com/blog/security/bots-tampering-with-tls-to-avoid-detection Wed, 15 May 2019 04:00:00 UTC When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally.... https://www.akamai.com/blog/security/phishing-attacks-against-facebook-google-via-google-translate Larry Cashdollar https://www.akamai.com/blog/security/phishing-attacks-against-facebook-google-via-google-translate Tue, 05 Feb 2019 05:00:00 UTC