Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Latest Web Hacking Incident Database (WHID) Entries (4)

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.

 

WHID 2011-72: WordPress Hack Could Put Premium Users at Risk

  • WHID ID: 2011-72
  • Date Occurred: April 13, 2011
  • Attack Method: Unknown
  • Application Weakness: Unknown
  • Outcome: Leakage of Information
  • Attacked Entity Field: Blogs
  • Attacked Entity Geography: USA
  • Incident Description: Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers 
    using Wordpress for their websites, including Flickr, NASA, Yahoo, and The New York Times.
  • Mass Attack: No
  • Reference: http://www.pcworld.com/article/225158/wordpress_hack_could_put_premium_users_at_risk.html
  • Attack Source Geography:
  • Attacked System Technology: WordPress

 

WHID 2011-71: Malaysiakini under DDOS attack ahead of Sarawak election tomorrow

  • WHID ID: 2011-71
  • Date Occurred: April 15, 2011
  • Attack Method: Denial of Service
  • Application Weakness: Insufficient Anti-automation
  • Outcome: Downtime
  • Attacked Entity Field: Government
  • Attacked Entity Geography: Malaysia
  • Incident Description: Malaysian online news portal Malaysiakini has been inaccessible since late afternoon ahead of the Sarawak state election which will be held tomorrow.
    Malaysiakini, together with Sarawak Report, another site critical of the Sarawakian government under long-serving Chief Minister Taib Mahmud, have been under relentless denial-of-service (DDOS) attacks which temporarily brought them down in last few days
  • Mass Attack: No
  • Reference: http://www.temasekreview.com/2011/04/15/malaysiakini-under-ddos-attack-ahead-of-sarawak-election-tomorrow/

WHID 2011-70: US Postal Service Website Hit With 'Blackhole' Exploit

 

WHID 2011-69: Credit Information at Hyundai Capital Leaked to Hacker

  • WHID ID: 2011-69
  • Date Occurred: April 11, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Leakage of Information
  • Attacked Entity Field: Automotive
  • Attacked Entity Geography: Korea
  • Incident Description: Korea's major lending company and a financial unit of Hyundai Motor Group announced on Sunday that confidential credit information on its customers was leaked during a recent hacker attack which investigators say seems to have been carried out via servers in Brazil and the Philippines.
  • Mass Attack: No
  • Reference: http://www.arirang.co.kr/News/News_View.asp?nseq=114741&code=Ne4&category=3
  • Attack Source Geography: Brazil

 

WHID 2011-68: Hack attack spills web security firm's (Barracuda) confidential data

  • WHID ID: 2011-68
  • Date Occurred: April 11, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Leakage of Information
  • Attacked Entity Field: Technology
  • Attacked Entity Geography:
  • Incident Description: Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post.
    Barracuda representatives didn't respond to emails seeking confirmation of the post, which claims the data was exposed as the result of a SQL injection attack.
  • Mass Attack: No
  • Reference: http://www.theregister.co.uk/2011/04/11/barracuda_networks_attack/

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo