The Akamai Blog

Microsoft?s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime: CVE-2022-24492 and CVE-2022-24528 (discovered by Yuki Chen with Cyber KunLun) CVE-2022-26809 (discovered by BugHunter010 with Kunlun)

Obviously we?re proud to be a leader. Bot management is a contact sport, where being great is a requirement if you want to stop the persistent adversarial bots. So it?s rewarding to be recognized for the work we?re doing keeping the bad bots away from our customers? digital businesses.

Protecting sensitive information is a recurring and widely known concern in the security community. As researchers, we know all too well how information can be used maliciously (I mean, come on ? it?s our job). Considering the size of the threat vector that is LFI, it?s something that developers and security professionals alike need to be aware of.

Just three weeks have gone by since Akamai officially welcomed Linode into our fold, and I?m encouraged by the excitement that so many have expressed about the combination of our two companies since we announced the acquisition in February. In conversations with us, industry analysts use the word ?transformational? to sum up the potential impact of our merger on the marketplace.

Conti is a notorious ransomware group that targets high-revenue organizations. They were first detected in 2020, and appear to be based in Russia. It is believed that the group is the successor to Ryuk ransomware group. According to Chainalysis, The ransomware group was the highest grossing of all ransomware groups in 2021, with an estimated revenue of at least 180 million dollars.

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching campaigns for crypto-mining, ddos, ransomware, and as a golden ticket to break into organizations for the next years to come.

When Spring, the Java-based application, fell victim to cyberattacks, Akamai's Adaptive Security Engine detected zero-day attacks and protected customers against them.

After more than a year of dedication and hard work, we are delighted to officially announce the launch of our new Edge Diagnostics application on March 30, 2022. Diagnosing network and content issues quickly and effectively is critical to your success! Therefore the aim is to make the existing diagnostic tools faster, easier to navigate, more user-friendly, and with improved functionality and a developer focus in mind.

At Akamai and across the tech industry at large, best practices and tools are constantly evolving. To keep up with these changes, a passion for learning is key, especially among those who support and enable others. One Senior Enterprise Architect on Akamai?s Advanced Solutions team, Anthony Hogg, truly embodies this value.

Gameloft is a leading gaming provider with more than 20 years of history. The company, created in 2000, has a passion for games and a desire to distribute them to even more players around the world. By bringing the wonders of games to mobile devices and, now, to all digital platforms, Gameloft has helped to create an entirely new market that has become the biggest one in gaming. We?re very excited that this company, which has revolutionized the gaming industry, has chosen to work with Akamai.

Akamai?s India Corporate Social Responsibility (CSR) Trust is helping to tackle this major challenge. In accordance with the country?s CSR mandates, the trust allocates 2% of the branch?s revenue to CSR programs. Its flagship initiative is the Akamai Accelerator Program, which supports innovators who use scalable and sustainable technologies to solve India?s water crisis. As the impacts of climate change accelerate, so must we.

We have some excellent highlights this month. We?re excited to announce new videos, useful articles, an event recap, and much more.

The need for businesses to deploy MFA for the protection of employee accounts has never been greater ? according to the latest Verizon Data Breach report, nearly 80% of data breaches involve the use of stolen or compromised employee credentials and brute force logins.

I am incredibly excited to announce that today we have completed the acquisition of Linode. You may have seen our press release announcing the acquisition, or listened to our earnings call during which our executives discussed why this is the right strategic investment for Akamai. But I wanted to use this opportunity to highlight why, as a technologist, this is such an important step forward for both Akamai and Linode, and what you can expect to see from us in the future.

Akamai plans to submit a number of our shared domains to the ?PRIVATE? section of the Public Suffix List (PSL) at some point on or after March 31, 2022. The PSL contains multi-party domain suffixes and is used by a wide range of client software (for example, web browsers) to implement policy decisions, such as to prevent cookies from being set on public or multi-party domains.

A vulnerability in enterprise collaboration suite MiCollab by telecommunications company Mitel has been abused for distributed denial-of-service (DDoS) attacks with record-breaking amplification potential.

We are excited to be named a Leader in The Forrester New Wave?: Microsegmentation, Q1 2022. We were evaluated alongside eight other vendors in the microsegmentation space and ranked in 10 criteria, including product vision, interface and reporting, host agents, agentless aspect, product, and services support.

In May 2021, following a number of high-profile security incidents, U.S. President Biden issued an executive order that set out a high-level agenda to modernize and improve the government?s cyber resilience. This January, the U.S. Office of Management and Budget (OMB) issued a memo to the heads of executive departments and agencies that gave much more detail on how the U.S. government will move toward Zero Trust security principles.

Cybersquatting, also known as domain squatting, is a type of scam that mimics a brand's domain to confuse potential victims and gain their trust. According to Revision Legal, ?Cybersquatting is prohibited in the U.S. by federal law under the Anticybersquatting Consumer Protection Act (ACPA.)? These fake domains can be used in cyberattacks ? especially phishing attacks.

Akamai data shows that in the days leading up to and including Lunar New Year, the activity of malicious bots increased 15% in China over the previous month. While a similar surge occurs during the high-traffic seen at the end-of-year holidays in EMEA and the U.S. ? China and Japan present a particularly enticing opportunity for successful cyberattacks because of the sheer volume in traffic: Retailers and ecommerce here serve some of the largest populations in the world.