ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers.
What do the recent compromises of a number of LA Times websites and the blog of hard disk drive manufacturer Seagate have in common? According to several security researchers, all these sites are hosted on servers running Apache web server software, and have been compromised and equipped with module that is able to insert and rotate malicious iFrames on all pages of websites hosted on these servers.
Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that the world's most widely used web server, Apache, is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner.
The Apache Software Foundation announced Apache Hadoop 1.0, the open source software framework for scalable, distributed computing.
The Apache Software Foundation has released version 2.2.20 of the Apache HTTP Server, which includes a fix for the DDoS bug that was spotted being exploited in the wild through the "Apache Killer" tool nearly a week ago.