What do the recent compromises of a number of LA Times websites and the blog of hard disk drive manufacturer Seagate have in common? According to several security researchers, all these sites are hosted on servers running Apache web server software, and have been compromised and equipped with module that is able to insert and rotate malicious iFrames on all pages of websites hosted on these servers.
Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that the world's most widely used web server, Apache, is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner.
The Apache Software Foundation announced Apache Hadoop 1.0, the open source software framework for scalable, distributed computing.
The Apache Software Foundation has released version 2.2.20 of the Apache HTTP Server, which includes a fix for the DDoS bug that was spotted being exploited in the wild through the "Apache Killer" tool nearly a week ago.
The developers behind the open source Apache Foundation issued a warning for all users of the Apache HTTPD Web Server, as an attack tool it has been made available on the Internet and has already been spotted being actively used.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.