ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

#akamai


@Marcel_Gehlen then let's make your tip known to a wider circle. You surely know how that goes.

Do the #eXit and the #UnplugTrump, i.e., among other things, leave the #usServer of the #TechMillardaere, such as #AWS, #apple #icloud, #MicroSoft #azure, #akamai, #googleCloud. There are many good #europeanAlternatives and some questionable #euServer, such as those that host AfD content: #hetzner was mentioned there. Anyone who is there should perhaps think it over and ask questions.

PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

A new threat group, dubbed PoisonSeed, is targeting enterprise organizations and individuals outside the cryptocurrency industry. The campaign focuses on phishing CRM and bulk email providers' credentials to export email lists and send bulk spam. The attackers use a cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into compromising their wallets. Similarities have been detected between PoisonSeed, Scattered Spider, and CryptoChameleon, but the campaign is being classified separately due to unique characteristics. The attackers have set up phishing pages for prominent CRM and bulk email companies, including Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho. Once credentials are phished, the process of bulk downloading email lists appears to be automated. The campaign also involves spam sent from compromised accounts, including a notable breach of an Akamai SendGrid account.

Pulse ID: 67f432acbd8d0957264e79a3
Pulse Link: otx.alienvault.com/pulse/67f43
Pulse Author: AlienVault
Created: 2025-04-07 20:16:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Negative Exposure: Edimax Network Cameras Used to Spread Mirai

The Akamai Security Intelligence and Response Team (SIRT) has identified a critical command injection vulnerability, CVE-2025-1316, in Edimax IC-7100 IP cameras. This flaw allows attackers to execute arbitrary commands remotely, leading to the integration of these devices into Mirai-based botnets. The vulnerability stems from improper neutralization of special elements in OS commands, enabling remote code execution through specially crafted requests. Despite detection efforts, Edimax has not provided patches, leaving affected devices exposed to ongoing exploitation.

Pulse ID: 67d7eb546507ad4fb355245f
Pulse Link: otx.alienvault.com/pulse/67d7e
Pulse Author: AlienVault
Created: 2025-03-17 09:28:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Of course, there are other ways to configure sensitive values but I don't think it's necessarily obvious or front of mind when updating config and I honestly can't see (as someone who configures multiple services on Akamai regularly) why this feature is needed.
Unsure if it can be disabled or auth'd but I don't see any way to do that.
There are some docs which cover it a little bit: techdocs.akamai.com/download-d.
Just thought it might not be common knowledge.
2/2
#Akamai #InfoSec #ReadTeam #BlueTeam

Akamai has what I personally think is a seriously risky mechanism for debugging HTTP requests/responses. You can send an HTTP request header of `pragma: akamai-x-get-extracted-values` for a URL served via Akamai & it'll return `x-akamai-session-info` response headers which include user-defined config variables - that's where the main risk is IMO. People may well not realise this feature exists & use the vars for sensitive info e.g. backend auth keys.
1/2
#Akamai #InfoSec #ReadTeam #BlueTeam
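
A defender-side check for the exposure described in this thread, as an added example that is not part of the original posts or of Akamai's tooling: it audits response headers captured from your own property for user-defined variables that look like secrets. The `name=...; value=...` layout and the `PMUSER_` prefix for user-defined variables are assumptions, and the sample headers are constructed.

```python
# Constructed sample: response headers as captured from your own property after
# a request carrying the debug pragma. The "name=...; value=..." layout and the
# PMUSER_ prefix for user-defined variables are assumptions of this example.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("X-Akamai-Session-Info", "name=AKA_PM_CACHEABLE_OBJECT; value=true"),
    ("X-Akamai-Session-Info", "name=PMUSER_ORIGIN_AUTH_KEY; value=EXAMPLE-NOT-A-REAL-KEY"),
    ("X-Akamai-Session-Info", "name=PMUSER_SITE_REGION; value=eu"),
    ("x-akamai-session-info", "name=PMUSER_BACKEND_TOKEN; value=; full_location_id=x"),
]

# Substrings in a variable name that suggest it holds a credential.
SENSITIVE_HINTS = ("KEY", "TOKEN", "SECRET", "PASS", "AUTH", "CRED")


def parse_session_info(value):
    """Split one header value into a dict of its 'field=value' parts."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            fields[key.strip().lower()] = val.strip()
    return fields


def audit_headers(headers):
    """Return one finding per user-defined variable seen in the debug headers."""
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "x-akamai-session-info":
            continue  # header names are case-insensitive
        fields = parse_session_info(header_value)
        var = fields.get("name", "")
        if not var.startswith("PMUSER_"):
            continue  # built-in variable, not user-defined config
        findings.append({
            "variable": var,
            "has_value": bool(fields.get("value")),
            "looks_sensitive": any(h in var.upper() for h in SENSITIVE_HINTS),
        })
    return findings


def exposed_secrets(headers):
    """Names of user variables that look sensitive and carry a non-empty value."""
    return [f["variable"] for f in audit_headers(headers)
            if f["looks_sensitive"] and f["has_value"]]
```

Any name returned by `exposed_secrets` is a value to move out of a visible variable and rotate.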

oh man i'm stoked to share this one.

so at akamai we have these huge research reports called the State of the Internet (SOTIs) that we put out. they're typically pretty high level, showing what we've seen in a particular topic since such a huge portion of the internet runs on our stuff lol BUT this time, they let us try something new. :flow_happy:

This time, we pulled together some pretty deep, low-level technical research on risk scoring, a few botnets, vpn abuse, XSS, and k8s and collated it into an anthology designed for the defenders themselves. this was honestly a passion project of sorts (y'all know my nerdy ass loves this shit) and it turned out pretty great i think. i'll probs share it a few different times, it's a dense report lol

the vpn stuff in particular is interesting - they found a permados vuln in fortiOS 👀

akamai.com/lp/soti/cybersecuri

By continuing to provide cloud and hosting services to TikTok, Oracle and Akamai are rolling the dice with massive legal and financial risks.

They are relying on Trump's promises not to enforce the TikTok ban law - in spite of clear evidence and case law that USA courts rarely protect defendants who count on executive non-enforcement.

They face potential penalties of $5K per user x 170M users! Plus there is a 5 year statute of limitations. What is to stop a future administration from pursuing violations regardless of Trump's current stance? lawfaremedia.org/article/trump #TikTok #Oracle #Akamai #TikTokban #lawsuit #legalrisk #liability #executiveorder #PAFACAA #cloud

#AskFedi -- #Contabo is raising prices for the #VPS that my #mail #server has been running on for the past 4 years. Anybody have any recommendations for VPS providers? (I run #Mailcow with about 20 domains that's containerized using #Docker).

Don't say #Hetzner. :-) All of my other shit is hosted with Hetzner and I'd rather not have all my "eggs" in one basket so to speak. In fact I'm looking at moving some shit off Hetzner because frankly there's too much and I've heard horror stories about Hetzner when a customer's "business relationship" with them goes south.

#OVH is an option, and I used to host with OVH. But I've got issues with OVH so they're not top on my list. (Mainly the fact that it's impossible for me -- as a US Citizen -- to order a server and have it provisioned outside the US.)

#Linode is another option. But I switched from Linode to Hetzner when #Akamai took over and I'd really rather not go back. I hate Akamai. But I had absolutely no problems with Linode when I did use them.

Great post from #Akamai's VP of Diversity, Inclusion, and Engagement reiterating Akamai's commitment to both our FlexBase flexible workspace program and our Diversity, Inclusion, and Engagement efforts. It is things like this which help Akamai have such a great culture and are reasons why I've stuck around for 25 years.

I signed up for and attended one of our DI&E trainings last week (seemed appropriate) and while I've heard most of the content before, one of the things that it made clear is how critical it is for a global company like ours to have a robust program that helps us have awesome people from all over the globe collaborating to solve tough problems, and to feel engaged and included in ways that foster collaboration and increased productivity.

linkedin.com/feed/update/urn:l

www.linkedin.com: Khalil Smith on LinkedIn: #akamai #flexbase #culture. Two of the most frequent questions I get nowadays are whether Akamai Technologies is committed to FlexBase, our global flexible workplace program, and whether…