03-19-2014 01:00 PM
Zero-day vulnerabilities tend to grab headlines, but administrators need to be paying attention to known, and already patched, vulnerabilities, according to a new Imperva threat advisory. Even if administrators ignore the older bugs, it's a sure bet that online criminals are not.
The fact that administrators don't always update servers with the latest patches in a timely manner is fairly well-known. What makes this sad state of affairs even worse is that administrators apparently don't patch vulnerable Web servers even when an exploit is publicly available and is being used in attacks, Barry Shteiman, director of security strategy at Imperva, told SecurityWeek.
Imperva issued a threat advisory on Wednesday for a code injection vulnerability in PHP (CVE-2012-1823).
“Zero-day vulnerabilities become zero-effort,” Shteiman said, noting that attackers can use publicly available exploits to craft new attacks.
While this particular PHP flaw was discovered in March 2012 and patched in May, a public exploit began making the rounds in October 2013, Imperva said in its advisory. The fact that the exploit became publicly available more than a year later suggests criminals were still enjoying some degree of success targeting this vulnerability, Shteiman said.
03-21-2014 05:00 PM
Now comes word of a new mass compromise that preys on even more neglected Web servers, some running versions of the Linux operating system kernel first released in 2007. According to a blog post published late Thursday by researchers from Cisco, the people behind the attack appear to have identified a vulnerability that has since been patched in later Linux releases that allows them to dish malicious content to unsuspecting people who visit the site. The quick-spreading compromise took over 400 hosts per day on Monday and Tuesday, and so far, Cisco has counted more than 2,700 distinct URLs that are under the control of the attackers.