WHID 2011-72: WordPress Hack Could Put Premium Users at Risk
WHID ID: 2011-72
Date Occurred: April 13, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Leakage of Information
Attacked Entity Field: Blogs
Attacked Entity Geography: USA
Incident Description: Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers using Wordpress for their websites, including Flickr, NASA, Yahoo, and The New York Times.
Incident Description: Malaysian online news portal Malaysiakini has been inaccessible since late afternoon ahead of the Sarawak state election which will be held tomorrow. Malaysiakini, together with Sarawak Report, another site critical of the Sarawakian government under long-serving Chief Minister Taib Mahmud, have been under relentless denial-of-service (DDOS) attacks which temporarily brought them down in last few days
WHID 2011-70: US Postal Service Website Hit With 'Blackhole' Exploit
WHID ID: 2011-70
Date Occurred: April 8, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: The US Postal Service website received an unwelcome delivery this week of a new attack rapidly spreading among legitimate websites. USPS became the latest victim of the so-called "Blackhole" toolkit, a wildly popular website attack kit that's easy to use and provides obfuscation features that help it evade antivirus detection.
WHID 2011-69: Credit Information at Hyundai Capital Leaked to Hacker
WHID ID: 2011-69
Date Occurred: April 11, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Automotive
Attacked Entity Geography: Korea
Incident Description: Korea's major lending company and a financial unit of Hyundai Motor Group announced on Sunday that confidential credit information on its customers was leaked during a recent hacker attack which investigators say seems to have been carried out via servers in Brazil and the Philippines.
WHID 2011-68: Hack attack spills web security firm's (Barracuda) confidential data
WHID ID: 2011-68
Date Occurred: April 11, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Technology
Attacked Entity Geography:
Incident Description: Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post. Barracuda representatives didn't respond to emails seeking confirmation of the post, which claims the data was exposed as the result of a SQL injection attack.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.