http://www.networkworld.com/news/2014/032114-speedy-attack-targets-web-servers-279944.html
By Jeremy Kirk
IDG News Service
March 20, 2014
Web servers running a long-outdated version of the Linux kernel were
attacked with dramatic speed over two days last week, Cisco Systems said
on Thursday.
All the affected servers were running the 2.6 version, first released in
December 2003, of the Linux kernel, which is the core of the operating
system. Most were running a 2.6 Linux kernel version released in 2007 or
earlier, wrote Martin Lee, technical lead of Threat Intelligence for
Cisco.
"Systems that are unmaintained or unsupported are no longer patched with
security updates," Lee wrote. "When attackers discover a vulnerability in
the system, they can exploit it at their whim without fear of it being
remedied."
After the Web server has been compromised, the attackers slip in a line of
JavaScript to other JavaScript files within the website. That code bounces
the website's visitors to a second compromised host, which runs another
JavaScript file.
[...]
--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
