These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.
Entry Title: WHID 2011-99: FTC settles data breach charges against Lookout Services
WHID ID: 2011-99
Date Occurred: October 1, 2009
Attack Method: Predictable Resource Location
Application Weakness: Insufficient Authorization
Outcome: Leakage of Information
Attacked Entity Field: Information Services
Attacked Entity Geography:
Incident Description: In October and December 2009, an employee of a Lookout customer was able to gain access to the product's database by typing a URL into a Web browser, the FTC said in its complaint. The intruder was able to gain access to personal information, including Social Security numbers, of about 37,000 consumers, the FTC said.
Mass Attack: No
Reference: http://news.idg.no/cw/art.cfm?id=2761F224-1A64-67EA-E41CDB96A756125A
Attack Source Geography:
Additional Link: http://ftc.gov/os/caselist/1023076/110503lookoutservicesanal.pdf
Entry Title: WHID 2011-98: Sony Darkens Another Network As Breach Investigation Widens
WHID ID: 2011-98
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Leakage of Information
Attacked Entity Field: Entertainment
Attacked Entity Geography: Japan
Incident Description: Sony Corp. took further steps to contain a serious data breach: temporarily shuttering the Website of Sony Online Entertainment and station.com, another of the technology company's online gaming networks, even as it signaled the slow return of its PlayStation Network to operation.
Mass Attack: No
Reference: http://threatpost.com/en_us/blogs/sony-darkens-another-network-breach-investigation-widens-050211
Attack Source Geography:
Entry Title: WHID 2011-97: Man who liveblogged Bin Laden raid was hacked
WHID ID: 2011-97
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Blogs
Attacked Entity Geography: Pakistan
Incident Description: The Pakistani programmer who dubbed himself "the guy who liveblogged the Osama raid without knowing about it" is also the guy who got his website hacked without knowing about it.
Mass Attack: No
Reference: http://www.computerworld.com/s/article/9216341/Man_who_liveblogged_Bin_Laden_raid_was_hacked
Attack Source Geography:
Attacked System Technology: WordPress
Entry Title: WHID 2011-96: Click-jacking on Facebook
WHID ID: 2011-96
Date Occurred: May 2, 2011
Attack Method: Clickjacking
Application Weakness: Application Misconfiguration
Outcome: Link Spam
Attacked Entity Field: Web 2.0
Attacked Entity Geography: USA
Incident Description: WebSense analyzes a recent click-jacking attack against FaceBook users.
Mass Attack: No
Reference: http://community.websense.com/blogs/securitylabs/archive/2011/05/02/a-weekend-of-click-jacking-on-facebook.aspx
Attack Source Geography:
Attacked System Technology: Facebook
Entry Title: WHID 2011-95: Researchers Catch Targeted Attack On Popular Soccer Website
WHID ID: 2011-95
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Sports
Attacked Entity Geography: Luxembourg
Incident Description: A popular sports website late last week was spotted serving up malware in what researchers say appears to be a targeted attack and not part of a mass SQL injection campaign.
Mass Attack: No
Reference: http://www.darkreading.com/advanced-threats/167901091/security/application-security/229402594/researchers-catch-targeted-attack-on-popular-soccer-website.html
Attack Source Geography:
Attacked System Technology: WordPress
Entry Title: WHID 2011-94: High school hackers expose security gap in Seattle Public Schools
WHID ID: 2011-94
Date Occurred: May 1, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Authentication
Outcome: Disinformation
Attacked Entity Field: Education
Attacked Entity Geography: Seattle, WA
Incident Description: District officials suspect a student, or several, swiped teachers' passwords for online grade books, possibly using a key-logger device or keystroke-recording software that captures every keystroke, including IDs and passwords
Mass Attack: No
Reference: http://seattletimes.nwsource.com/html/editorials/2014914193_edit02grades.html
Attack Source Geography:
Entry Title: WHID 2011-93: Hacker posts screenshot of sex video on SPAD website
WHID ID: 2011-93
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Defacement
Attacked Entity Field: Government
Attacked Entity Geography: Malaysia
Incident Description: The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page.
Mass Attack: No
Reference: http://thestar.com.my/news/story.asp?file=/2011/5/2/nation/8591951&sec=nation
Attack Source Geography:
Entry Title: WHID 2011-92: Anonymous attacks Iranian state websites
WHID ID: 2011-92
Date Occurred: May 2, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Government
Attacked Entity Geography: Iran
Incident Description: The infamous Anonymous hacking group has crippled a string of Iranian state websites including those of the Office of the Supreme Leader, state police and the Islamic Revolutionary Guards in attacks launched yesterday.
Mass Attack: No
Reference: http://www.securecomputing.net.au/News/256057,anonymous-attacks-iranian-state-websites.aspx
Attack Source Geography:
Entry Title: WHID 2011-91: Rabobank network floored by cyber attack
WHID ID: 2011-91
Date Occurred: May 2, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Finance
Attacked Entity Geography: Netherlands
Incident Description: Internet and mobile banking at the Rabobank has been badly hit by an attack on its computer network, the company reported on Monday.
The denial of service attack, in which the target computer is saturated with external communications requests, has made the network unavailable to its customers.
Mass Attack: No
Reference: http://www.dutchnews.nl/news/archives/2011/05/rabobank_network_floored_by_cy.php
Attack Source Geography:
Entry Title: WHID 2011-90: DSLReports says member information stolen
WHID ID: 2011-90
Date Occurred: April 28, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: News
Attacked Entity Geography: USA
Incident Description: Subscribers to ISP news and review site DSLReports.com have been notified that their e-mail addresses and passwords may have been exposed during an attack on the Web site earlier this week.
The site was targeted in an SQL injection attack yesterday and about 8 percent of the subscribers' e-mail addresses and passwords were stolen, Justin Beech, founder of DSLReports.com, wrote in an e-mail to members. That would be about 8,000 random accounts of the 9,000 active and 90,000 old or inactive accounts created during the site's 10-year history, Beech said in an e-mail to CNET today.
Mass Attack: No
Reference: http://news.cnet.com/8301-27080_3-20058471-245.html
Attack Source Geography: