Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Latest Web Hacking Incident Database (WHID) Entries(4)

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.

WHID 2011-72: WordPress Hack Could Put Premium Users at Risk

WHID ID: 2011-72
Date Occurred: April 13, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Leakage of Information
Attacked Entity Field: Blogs
Attacked Entity Geography: USA
Incident Description: Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers using Wordpress for their websites, including Flickr, NASA, Yahoo, and The New York Times.
Mass Attack: No
Reference: http://www.pcworld.com/article/225158/wordpress_hack_could_put_premium_users_at_risk.html
Attack Source Geography:
Attacked System Technology: WordPress

WHID 2011-71: Malaysiakini under DDOS attack ahead of Sarawak election tomorrow

WHID ID: 2011-71
Date Occurred: April 15, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Government
Attacked Entity Geography: Malaysia
Incident Description: Malaysian online news portal Malaysiakini has been inaccessible since late afternoon ahead of the Sarawak state election which will be held tomorrow.
Malaysiakini, together with Sarawak Report, another site critical of the Sarawakian government under long-serving Chief Minister Taib Mahmud, have been under relentless denial-of-service (DDOS) attacks which temporarily brought them down in last few days
Mass Attack: No
Reference: http://www.temasekreview.com/2011/04/15/malaysiakini-under-ddos-attack-ahead-of-sarawak-election-tomorrow/
Attack Source Geography:

WHID 2011-70: US Postal Service Website Hit With 'Blackhole' Exploit

WHID ID: 2011-70
Date Occurred: April 8, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: The US Postal Service website received an unwelcome delivery this week of a new attack rapidly spreading among legitimate websites. USPS became the latest victim of the so-called "Blackhole" toolkit, a wildly popular website attack kit that's easy to use and provides obfuscation features that help it evade antivirus detection.
Mass Attack: No
Reference: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229401258/us-postal-service-website-hit-with-blackhole-exploit.html
Attack Source Geography:

WHID 2011-69: Credit Information at Hyundai Capital Leaked to Hacker

WHID ID: 2011-69
Date Occurred: April 11, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Automotive
Attacked Entity Geography: Korea
Incident Description: Korea's major lending company and a financial unit of Hyundai Motor Group announced on Sunday that confidential credit information on its customers was leaked during a recent hacker attack which investigators say seems to have been carried out via servers in Brazil and the Philippines.
Mass Attack: No
Reference: http://www.arirang.co.kr/News/News_View.asp?nseq=114741&code=Ne4&category=3
Attack Source Geography: Brazil

WHID 2011-68: Hack attack spills web security firm's (Barracuda) confidential data

WHID ID: 2011-68
Date Occurred: April 11, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Technology
Attacked Entity Geography:
Incident Description: Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post.
Barracuda representatives didn't respond to emails seeking confirmation of the post, which claims the data was exposed as the result of a SQL injection attack.
Mass Attack: No
Reference: http://www.theregister.co.uk/2011/04/11/barracuda_networks_attack/
Attack Source Geography:

Latest SpiderLabs Blogs

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More