tricia, queen of house cyberly  

Hi, i'm Tricia. She/Her. I like to say I'm a marketer who identifies as infosec.
Work life: I'm a technical writer in security research. I work with security research all day, every day. Any and everything from malware analysis to IPv6 and in between. Can confirm it is in fact, always DNS.
I work with security researchers to help tell their story in an effective way without degrading their technical acumen. It's a lot harder than it sounds, trust me. 
Real life: I have a theatre degree and am pretty much always singing. I have a Pomsky named Darth who i love to take pictures and videos of and put online. I am obsessed with true crime and jigsaw puzzles and occasionally do standup comedy.
Cross between real and work life: I occasionally write, record, and produce infosec parody songs.
Be kind, love yourself, and keep kicking ass.
Twitch: https://www.twitch.tv/triciakickssaas
Website: https://triciakickssaas.com
YouTube: https://www.youtube.com/c/triciakickssaas

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations.

https://www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/

Google links new LostKeys data theft malware to Russian cyberspies

BleepingComputer

🚨ACTIVE EXPLOITATION ALERT🚨

Great work Kyle Lefton 🎉

The baddies at Akamai SIRT (Security Intelligence Response Team) have identified the first ITW exploitation of command injection vulns CVE-2024-6047 and CVE-2024-11120. It's a Mirai variant called LZRD (pronounced luh-zurd according to the interwebs)

blog post includes IOCs, full technical details and malware analysis. video is a silly interpretation bc i'm allergic to content without puns

https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

#security #research #malware #botnet #mirai #infosec #cybersec #wedding #singing #content

water damage: like moving, but worse

oh man i'm stoked to share this one.

so at akamai we have these huge research reports called the State of the Internet (SOTIs) that we put out. they're typically pretty high level, showing what we've seen in a particular topic since such a huge portion of the internet runs on our stuff lol BUT this time, they let us try something new.  

This time, we pulled together some pretty deep, low-level technical research on risk scoring, a few botnets, vpn abuse, XSS, and k8s and collated it into an anthology designed for the defenders themselves. this was honestly a passion project of sorts (y'all know my nerdy ass loves this shit) and it turned out pretty great i think. i'll probs share it a few different times, it's a dense report lol

the vpn stuff in particular is interesting - they found a permados vuln in fortiOS 👀

https://www.akamai.com/lp/soti/cybersecurity-defense-guide-2025

#security #cybersecurity #research #SOTI #akamai #vpn #rce #risk #kubernetes

In this episode of Breaking Badness, @triciakickssaas of @akamai_research joins @NotTheLinux and @neurovagrant to dive deep into the intersection of gaming culture, mental health, and cybersecurity. Tricia shares her journey from theater arts to cybersecurity research, her love for gaming, and her experiences tackling emotional toxicity in digital spaces.

The episode covers the concept of "mind patches," the role of community in digital wellness, and how gaming and workspaces mirror each other in their challenges with mental health and collaboration.

Tune in to hear her thoughts on reducing stigma, creating safe digital spaces, and embracing vulnerability for a healthier cybersecurity community.

Find it wherever you listen to podcasts:

Apple: https://podcasts.apple.com/us/podcast/leveling-up-mental-health-tackling-gaming-toxicity/id1456143419?i=1000686742213

Spotify: https://open.spotify.com/episode/13wfz9xwAdJm1tJ8HFhm0a

YouTube: https://www.youtube.com/watch?v=X4ZL34z4W1I&ab_channel=DomainTools

Web: https://www.domaintools.com/resources/podcasts/leveling-up-mental-health-tackling-gaming-toxicity-and-cybersecurity-burnout/?utm_source=LinkedIn&utm_medium=Social&utm_campaign=Tricia-Howard

Leveling Up Mental Health: Tackling Gaming Toxicity and Cybersecurity Burnout

Podcast Episode · Breaking Badness · 01/29/2025 · 36m

Apple Podcasts

pls appreciate i wore an aqua colored sweater to talk about aquabot

🚨Active exploitation attempt🚨
Akamai Security Intelligence and Response Team (SIRT) has identified a new variant of the Mirai-based Aquabot, dubbed Aquabotv3 keeping in line with the naming conventions of the first two.

it is using CVE-2024-41710, a command injection vulnerability that affects Mitel SIP models. There was a POC made public in august 2024 but this is the first time it's been seen actively seeking exploitation ITW.

not only that! This malware exhibits a behavior we have never before seen with a Mirai variant: a function (report_kill) to report back to the C2 when a kill signal was caught on the infected device.

We (we = the SIRT) have not seen any response from the C2 as of the date this was originally posted (Jan. 28, 2024).

Incredible work Larry Cashdollar and Kyle Lefton 🎉

Full technical analysis including IOCs:
https://www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones

#mirai #malware #activeexploitation #security #research #botnet

Features aren't always innocent 😉

In the most recent publication by Akamai Technologies' Security Intelligence Group, Tomer Peled found yet -a n o t h e r- vuln in K8s. this time in Log Query, and it can do some big bad.

Did you know that out of the 12 vulns found in Kubernetes since 2023, Tomer has found 4 of them?!?!? i work with the coolest people

anyway, couldn't resist a britney parody sooooooo

https://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows

#kubernetes #k8s #vulnerability #security #cybersecurity #parody

i wish people understood that not wanting to talk about politics is a privilege. we have deemed some things “political” that are just human rights. by current societal definition, some people’s EXISTENCE is considered political.

idgaf you don’t wanna see “political stuff” on linkedin or at work or wherever. that’s life, baby. we are put in situations we don’t like all the time in the real world. curate your feed or stfu.

if i already bought your product i don't want a sales pitch post-sales, i want to learn how to use it.

is this typical practice to have a "discovery call" during a kickoff? like, wouldn't that have been covered to get purchased....?