Security News

A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. The vulnerability, tracked as CVE-2021-28091, was initially reported to Akamai as it was discovered in the company's Enterprise Application Access product, which uses Lasso to verify SAML assertions for applications when a customer configures SAML authentication with third-party identity providers.

The recently observed assaults haven't reached the magnitude of the largest DDoS attacks the company has mitigated to date, which have peaked at 1.35 Tbps in 2018 and at 1.44 Tbps in 2020, but three of them are among the six biggest volumetric DDoS attacks Akamai has ever encountered. Akamai says the increased number of bigger volumetric DDoS attacks is the new norm.

Akamai Technologies announced the launch of Akamai MFA, a phish-proof solution designed to enable enterprises to quickly deploy FIDO2 multi-factor authentication without the need to deploy and manage hardware security keys. Akamai MFA uses a smartphone application that transforms existing smartphones into a hardware security key to deliver a frictionless user experience.

Akamai on Tuesday announced that it has acquired Asavie, an Ireland-based company that provides mobility, IoT and cybersecurity solutions. Asavie has developed a platform that helps enterprises secure their mobile and IoT devices by placing assets inside private network slices.

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned. In its Loyalty for Sale - Retail and Hospitality Fraud report published today, Akamai reckoned that ne'er-do-wells began actively targeting retail, travel, and hospitality sectors with a wave of credential-stuffing attacks that accelerated as the COVID-19 pandemic forced most retail activity onto the web.

Akamai on Thursday revealed that it mitigated a second record-setting distributed denial-of-service attack since the beginning of June, one that peaked at 809 MPPS. Earlier this month, the company shared details on the mitigation of a 1.44 TBPS DDoS assault that reached 385 MPPS at its peak, but the more recent incident, which happened on June 21, was more than double the size in terms of PPS. The attack, which lasted just over 10 minutes, reached 418 GBPS within seconds, and 809 MPPS in two minutes. Designed to overwhelm DDoS mitigation systems through a high PPS load, the attack involved the use of packets carrying 1 byte payloads, Akamai says.

Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second. The security team told The Register it is the largest such attack Akamai has ever encountered, let alone blocked, and the CDN believes that it is likely the largest DDoS attack to hit any network, in terms of packets per second.

The first week of June 2020 arrived with a massive 1.44 TBPS distributed denial of service attack, Akamai reveals. While typical DDoS attacks show geographically concentrated traffic, this assault was different, with the traffic being globally distributed.

Arc Publishing, the premier content management platform from The Washington Post, announces it has expanded its integration with industry-leading software from Akamai, Catchpoint and MuleSoft, greatly enhancing its capabilities for enterprise customers worldwide to ensure they have access to the best-in-class tools on the market. "Operational continuity, ease of use, and efficiency have never been more critical and it's during times like these that our partnerships truly set Arc apart, ensuring stability, performance and scale for our customers so they can continue pressing forward toward their goals," said Scot Gillespie, VP and GM of Arc Publishing.

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.