Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Speedy attack targets Web servers with outdated Linux kernels

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 21 Mar 2014 08:22:44 +0000 (UTC)
http://www.networkworld.com/news/2014/032114-speedy-attack-targets-web-servers-279944.html

By Jeremy Kirk
IDG News Service
March 20, 2014
Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, Cisco Systems said on Thursday.
All the affected servers were running the 2.6 version, first released in December 2003, of the Linux kernel, which is the core of the operating system. Most were running a 2.6 Linux kernel version released in 2007 or earlier, wrote Martin Lee, technical lead of Threat Intelligence for Cisco.
"Systems that are unmaintained or unsupported are no longer patched with security updates," Lee wrote. "When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied."
After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website's visitors to a second compromised host, which runs another JavaScript file. 

[...]



--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: