These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.
WHID 2011-72: WordPress Hack Could Put Premium Users at Risk
- WHID ID: 2011-72
- Date Occurred: April 13, 2011
- Attack Method: Unknown
- Application Weakness: Unknown
- Outcome: Leakage of Information
- Attacked Entity Field: Blogs
- Attacked Entity Geography: USA
- Incident Description: Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers
using Wordpress for their websites, including Flickr, NASA, Yahoo, and The New York Times.
- Mass Attack: No
- Reference: http://www.pcworld.com/article/225158/wordpress_hack_could_put_premium_users_at_risk.html
- Attack Source Geography:
- Attacked System Technology: WordPress
WHID 2011-71: Malaysiakini under DDOS attack ahead of Sarawak election tomorrow
- WHID ID: 2011-71
- Date Occurred: April 15, 2011
- Attack Method: Denial of Service
- Application Weakness: Insufficient Anti-automation
- Outcome: Downtime
- Attacked Entity Field: Government
- Attacked Entity Geography: Malaysia
- Incident Description: Malaysian online news portal Malaysiakini has been inaccessible since late afternoon ahead of the Sarawak state election which will be held tomorrow.
Malaysiakini, together with Sarawak Report, another site critical of the Sarawakian government under long-serving Chief Minister Taib Mahmud, have been under relentless denial-of-service (DDOS) attacks which temporarily brought them down in last few days
- Mass Attack: No
- Reference: http://www.temasekreview.com/2011/04/15/malaysiakini-under-ddos-attack-ahead-of-sarawak-election-tomorrow/
WHID 2011-70: US Postal Service Website Hit With 'Blackhole' Exploit
WHID 2011-69: Credit Information at Hyundai Capital Leaked to Hacker
- WHID ID: 2011-69
- Date Occurred: April 11, 2011
- Attack Method: SQL Injection
- Application Weakness: Improper Input Handling
- Outcome: Leakage of Information
- Attacked Entity Field: Automotive
- Attacked Entity Geography: Korea
- Incident Description: Korea's major lending company and a financial unit of Hyundai Motor Group announced on Sunday that confidential credit information on its customers was leaked during a recent hacker attack which investigators say seems to have been carried out via servers in Brazil and the Philippines.
- Mass Attack: No
- Reference: http://www.arirang.co.kr/News/News_View.asp?nseq=114741&code=Ne4&category=3
- Attack Source Geography: Brazil
WHID 2011-68: Hack attack spills web security firm's (Barracuda) confidential data
- WHID ID: 2011-68
- Date Occurred: April 11, 2011
- Attack Method: SQL Injection
- Application Weakness: Improper Input Handling
- Outcome: Leakage of Information
- Attacked Entity Field: Technology
- Attacked Entity Geography:
- Incident Description: Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post.
Barracuda representatives didn't respond to emails seeking confirmation of the post, which claims the data was exposed as the result of a SQL injection attack.
- Mass Attack: No
- Reference: http://www.theregister.co.uk/2011/04/11/barracuda_networks_attack/