|WHID ID||Entry Title||Incident Description||Reference||Date Occurred||Attack Method||Application Weakness||Outcome||Attacked Entity Field||Attacked Entity Geography||Mass Attack||Mass Attack Name||Number of Sites Affected||Attack Source Geography||Attacked System Technology||Cost||Items Leaked||Number of Records||Additional Link|
|2015-063||WHID 2015-063: Hong Kong Free Press hit by denial-of-service attack weeks before launch|
Hong Kong Free Press, an independent news website set up to counter falling press freedom in the territory, has been hit by a denial-of-service attack before the platform has launched
|http://www.mumbrella.asia/2015/06/hong-kong-free-press-hit-by-denial-of-service-attack-before-launch/||6/3/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Media|
|2015-062||WHID 2015-062: Businessman Loses $240,000 to Hackers|
A targeted attack on a businessman from Mahwah, New Jersey, caused the victim a financial loss of $240,000 / €215,000, through a bank transfer request that appeared legitimate to the financial institution.
|http://news.softpedia.com/news/Businessman-Loses-240-000-to-Hackers-483098.shtml||6/2/2015||Banking Trojan||Insufficient Authentication||Monetary Loss||Finance|
|2015-061||WHID 2015-061: Local websites hacked after a brute force attack|
Web Design 309, a local web design firm, says the hackers used a brute force attack to break into a local server, using millions of password combinations at the same time until one of them worked.
|http://www.cinewsnow.com/news/local/Local-websites-hacked-after-a-brute-force-attack-305933091.html||6/2/2015||Brute Force||Insufficient Anti-Automation||Account Takeover||Technology|
|2015-060||WHID 2015-060: Hackers attack Huffington Post, other sites, with malware-laced ads|
The Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.
|2015-059||WHID 2015-059: 'Self-XSS' flaw in found Microsoft Dynamics CRM|
A flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a logged-in user into inserting malicious code within input fields on vulnerable websites.
|http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/||1/8/2015||Cross-site Scripting (XSS)||Improper Output Handling||Account Takeover||Technology|
|2015-058||WHID 2015-058: Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit|
A newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attacks
|http://www.scmagazine.com/malware-targets-linux-and-arm-architecture/article/391497/||1/7/2015||Brute Force||Insufficient Anti-Automation||Botnet Recruitment||Multiple|
|2015-057||WHID 2015-057: Hackers with ties to Islamic State group take over Buena Park nonprofit's website|
Giving Children Hope, a nonprofit that delivers aid to children and families in need around the world, had its website hacked by a group identifying itself as Team System Dz, an Islamic State sympathizer.
|2015-056||WHID 2015-056: Bulgarian Energy Regulator’s Website Hacked|
Initially the cyberattack had only affected the homepage of www.dker.bg, with access to the site being restricted completely at around 9.30 AM CET on Thursday
|2015-055||WHID 2015-055: Merkel website hacked ahead of visit by Ukrainian premier|
A German official says Chancellor Angela Merkel's website and several other German government sites have been blocked, and a pro-Russian organization has claimed responsibility.
|http://www.utsandiego.com/news/2015/jan/07/merkel-website-hacked-ahead-of-visit-by-ukrainian/||1/7/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Government|
|2015-054||WHID 2015-054: Md. station's Twitter, website hacked by ISIS supporters|
The Twitter account for WBOC, a Salisbury-based television station, was hijacked Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group.
|2015-053||WHID 2015-053: Primary school website hacked by Islamic extremists|
The homepage of Sowerby Community Primary School in Yorkshire was taken over by messages of hate against America and Israel
|2015-052||WHID 2015-052: iCloud hole closed following brute force attack|
A hole in iCloud's security allowed attackers to access any iCloud account via a brute force attack that side-stepped blocks - but it is now reported to have been patched.
|http://www.scmagazineuk.com/icloud-hole-closed-following-brute-force-attack/article/390822/||1/5/2015||Brute Force||Insufficient Anti-Automation||Leakage of Information||Technology|
|2015-051||WHID 2015-051: Weasel Zippers attacked, taken down for 12 hours||DDoS attack for 12 hours.||http://www.americanthinker.com/blog/2015/01/weasel_zippers_attacked_taken_down_for_12_hours.html||1/6/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Politics|
|2015-050||WHID 2015-050: University Of Cape CoastOfficial Website Hacked|
The official website of the University Of Cape Coast has been taken down
|2015-049||WHID 2015-049: Bitstamp exchange hacked, $5M worth of bitcoin stolen|
The European bitcoin exchange suspends its service after it was hacked, ZDNet can confirm. Less than 19,000 bitcoins were stolen from an operational wallet.
|2015-048||WHID 2015-048: OP hit by another denial of service attack|
The second attack was detected on Sunday afternoon, only a couple of hours after the first attack had ended, according to an announcement posted by the financial services provider on its Facebook page.
|http://www.helsinkitimes.fi/finland/finland-news/domestic/13104-op-hit-by-another-denial-of-service-attack.html||1/5/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2015-047||WHID 2015-047: Finnish bank takes cricket bat to wave after wave of DDoS varmints|
Finnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve.
|http://www.theregister.co.uk/2015/01/05/finnish_bank_ddos/||1/5/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-127||WHID 2013-127: Burger King Twitter account hacked, defaced|
The Twitter account associated with the fast-food chain Burger King was suspended after an apparent hack defaced the page with messages that the account had been sold to McDonald's.
|http://www.cnet.com/news/burger-king-twitter-account-hacked-defaced/||2/18/2013||Brute Force||Insufficient Authentication||Account Takeover||Social|
|2013-126||WHID 2013-126: 200,000 CAYMANS CORPORATIONS HACKED FOR ART PROJECT|
HACKER-ARTIST PAOLO CIRIO SCRAPED DATA FROM MORE THAN 200,000 CAYMAN ISLANDS CORPORATIONS VIA GOVERNMENT SERVERS TO PROTEST OFFSHORE TAX LAWS. USERS CAN PURCHASE THEIR OWN OFFSHORE "CERTIFICATES OF INCORPORATION" FOR TAX PURPOSES THROUGH CIRIO'S WEBSITE.
|http://www.fastcompany.com/3005965/200000-caymans-corporations-hacked-art-project||2/15/2013||Scraping||Insufficient Anti-Automation||Leakage of Information||Finance|
|2013-125||WHID 2013-125: Facebook says social network hacked|
In a post by Facebook's security team, the company said the attack happened after some employees went to a mobile developer's website, which turned out to be compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," Facebook said.
|http://www.marketwatch.com/story/facebook-says-social-network-hacked-2013-02-15||2/15/2013||Unknown||Unknown||Planting of Malware||Technology|
|2013-124||WHID 2013-124: Chinese hacker arrested after extorting $32K from web companies|
A 24-year-old Chinese man was arrested after authorities learned he had amassed $32,000 to purchase in-game MMO equipment by extorting internet companies
|2013-123||WHID 2013-123: Yahoo! hacked in New Zealand through WordPress vulnerability|
Telecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an old and unpatched version of WordPress to host the service.
|http://www.smartcompany.com.au/technology/information-technology/30276-yahoo-hacked-in-new-zealand-through-wordpress-vulnerability.html#||2/11/2013||Unknown||Unknown||Account Takeover||Hosting Providers||WordPress|
|2013-122||WHID 2013-122: E-banking theft: Hackers steal Rs 2.5L|
An unknown cyber criminal allegedly hacked into the NRI bank account of Savio Joao Piedade Clemente from Borda, Margao, on January 29 and fraudulently withdrew 2.5 lakh from it.
|http://timesofindia.indiatimes.com/city/goa/E-banking-theft-Hackers-steal-Rs-2-5L/articleshow/18423221.cms||2/10/2013||Banking Trojan||Insufficient Process Validation||Monetary Loss||Finance|
|2013-121||WHID 2013-121: Hackers target Alabama Criminal Justice Information Center website|
A hack of the Alabama Criminal Justice Information Center’s public website is now the subject of a criminal investigation, according to the Alabama Department of Homeland Security.
|2013-120||WHID 2013-120: Hackers access bankers' info on Fed website|
More than 4,000 bank executives had their personal information published on the Internet by hackers who accessed the data on an internal Federal Reserve website, according to a Reuters report.
|http://www.usatoday.com/story/money/business/2013/02/06/federal-reserves-website-hacked/1896843/||2/6/2013||SQL Injection||Improper Input Handling||Leakage of Information||Government|
|2013-119||WHID 2013-119: Energy Department hacked, says no classified data was compromised|
The Department of Energy's electronics network was attacked by hackers in mid-January but no classified data was compromised, the agency said in a letter to employees.
|http://articles.chicagotribune.com/2013-02-04/news/sns-rt-us-usa-cybersecurity-doebre9130zl-20130204_1_state-department-cables-energy-department-wikileaks||2/4/2013||Unknown||Unknown||Leakage of Information||Government|
|2013-118||WHID 2013-118: Malware warnings block Google Chrome users from some sites after website hacked|
Malware warnings were halting Internet users from visiting popular sites across the Internet on Monday morning, including some websites owned by The Saratogian's parent company, Digital First Media, after a Silicon Valley advertising company had it website hacked. The company said Monday that its ads were not infected with any virus, so other sites were safe.
|http://www.saratogian.com/general-news/20130204/malware-warnings-block-google-chrome-users-from-some-sites-after-website-hacked||2/4/2013||Unknown||Unknown||Planting of Malware||Multiple|
|2013-117||WHID 2013-117: Amid Iraqi protests, hackers hit Maliki's website|
Iraq's Prime Minister Nuri al-Maliki is facing protests from Sunni Muslims, an oil dispute with the Kurdistan region and turmoil in his own government. Now hackers have attacked his website to brand him a tyrant.
|2013-116||WHID 2013-116: Twitter: Hackers hit 250,000 accounts|
Twitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.
|http://www.usatoday.com/story/tech/2013/02/01/twitter-hackers-china-us/1885347/||2/2/2013||Unknown||Unknown||Leakage of Information||Social|
|2013-115||WHID 2013-115: Yahoo Mail users still seeing accounts hacked via XSS exploit|
Yahoo Mail users are once again having their accounts compromised in attacks that are very similar to the ones seen just a few weeks ago. Attackers are gaining access after leveraging a flaw in the company’s YDN blog page by means of a link sent to victims’ inboxes.
|http://thenextweb.com/insider/2013/01/31/yahoo-mail-users-still-seeing-accounts-hacked-via-xss-exploit-amid-reports-yahoo-failed-to-fix-old-flaw/||1/31/2013||Cross-site Scripting (XSS)||Improper Output Handling||Account Takeover||Technology|
|2013-114||WHID 2013-114: Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame|
Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.
|http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/||1/7/2013||Cross-site Scripting (XSS)||Improper Output Handling||Account Takeover||Technology|
|2013-113||WHID 2013-113: Patelco Confirms Five-Hour DDoS Takedown|
Last Thursday, the main member-facing Patelco website was down for around five hours, said Patelco CEO Ken Burns in an interview Tuesday.
|http://www.cutimes.com/2013/01/29/patelco-confirms-five-hour-ddos-takedown||1/29/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-112||WHID 2013-112: RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk|
A user uploaded a malicious gem that contained a malicious gem manifest (YAML file). The manifest contained embedded Ruby with this payload. This is the only known incident involving this vulnerability, but the vulnerability involved is a remote code execution exploit, so the usual rules apply.
|http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/||1/30/2013||Code Injection||Improper Input Handling||Leakage of Information||Technology|
|2013-111||WHID 2013-111: Rogue Payday loan brokers hacking websites to increase website traffic|
An investigation by Sky News has revealed that some Payday loan brokers have been involved in hacking popular websites in order to increase their rankings on Google and the number of visitors to their sites
|2013-110||WHID 2013-110: Citizens Bank website brought down by Iranian hackers|
The bank's website was down on Thursday because of what the bank called "a temporary disruption due to an unusually high volume of Internet traffic."
|http://www.wcvb.com/money/Citizens-Bank-website-brought-down-by-Iranian-hackers/18291048||1/26/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-109||WHID 2013-109: Anonymous Hacks US Government Site, Threatens Supreme 'Warheads'|
The hacktivist group Anonymous hacked the U.S. federal sentencing website early Saturday, using the page to make a brazen and boisterous declaration of "war" on the U.S. government.
|2013-108||WHID 2013-108: Buy Way Hit by Extortionist Rex Mundi Hackers|
Hacker group Rex Mundi, which recently attempted to extort $15,000 from AmeriCash Advance and $50,000 from Drake International, now claim to have breached the servers of Belgian company Buy Way
|http://www.esecurityplanet.com/hackers/buy-way-hit-by-extortionist-rex-mundi-hackers.html||1/25/2013||SQL Injection||Improper Input Handling||Leakage of Information||Retail|
|2013-107||WHID 2013-107: Texas Credit Union Hit by DDoS Attackers|
University Federal Credit Union, the $1.5 billion institution headquartered in Austin, Texas, confirmed Friday that it was taken down “for around two and one-half hours” on Thursday in a cyber attack
|http://www.cutimes.com/2013/01/25/texas-credit-union-hit-by-ddos-attackers?ref=hp||1/25/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-106||WHID 2013-106: After Ransom Request, Trading Firm Repelled Hacker Attacks|
The last in a year-long series of hacker attacks on Henyep Capital Markets (UK) Ltd., an online trading platform, was quickly repelled last October
|http://blogs.wsj.com/cio/2013/01/25/after-ransom-request-trading-firm-repelled-hacker-attacks/||1/25/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-105||WHID 2013-105: Web server hackers install rogue Apache modules and SSH backdoors|
A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their SSH (Secure Shell) services in order to steal login credentials from administrators and users.
|http://www.infoworld.com/article/2612975/hacking/web-server-hackers-install-rogue-apache-modules-and-ssh-backdoors--researchers-say.html||1/24/2013||Unknown||Unknown||Planting of Malware||Multiple|
|2013-104||WHID 2013-104: Capital One Website Disrupted, Cyber Protestors Claim Attack|
The website for Capital One was inaccessible for online banking customers for hours overnight, possibly the latest salvo in a long-running cyber protest targeting major Western financial institutions over an anti-Islam movie.
|http://abcnews.go.com/blogs/headlines/2013/01/capital-one-website-disrupted-cyber-protestors-claim-attack/||1/24/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2013-103||WHID 2013-103: More Zimbabwean bank websites hacked|
Metropolitan Bank, the hacking of whose website we reported here two days ago, were not the only local financial institution to suffer at the hands of site defacers in the past couple of weeks. - See more at: http://www.techzim.co.zw/2013/01/more-zimbabwean-bank-websites-hacked-mbca-tetrad-and-others/#sthash.DMxZ56S1.dpuf
|2013-102||WHID 2013-102: Sri Lanka govt Web sites hit in spate of attacks|
A hacker on Tuesday breached the Web site of Sri Lanka Port Authority (SLPA), and also attacked and leaked the Web sites of two Sri Lankan TV channels and the Bureau of Foreign Employment over the last weekend.
|2013-101||WHID 2013-101: Hackers steal thousands from Vancouver church|
It’s very likely that hackers were simply using a banking trojan in a consumer-focused info-stealing campaign and just happened to ensnare the church’s account details from the home computer.
|http://www.infosecurity-magazine.com/news/hackers-steal-thousands-from-vancouver-church/||1/22/2013||Banking Trojan||Insufficient Process Validation||Monetary Loss||Finance|
|2013-100||WHID 2013-100: UNSW confirms hacking breach|
The University of NSW has been the target of a "concerted effort" to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed.
|2013-099||WHID 2013-099: Metropolitan Bank website hacked|
We’re gathering that the websites belonging to Zimbabwean bank, Metropolitan Bank (www.metbank.co.zw) was defaced and subsequently taken down ‘for maintenance’. - See more at: http://www.techzim.co.zw/2013/01/metropolitan-bank-website-hacked/#sthash.9ykIzLxt.dpuf
|2013-098||WHID 2013-098: Altech website hacked|
Australian distributor Altech Computers fell victim to a hacking attack on Sunday after attackers gained access to a page on the company’s website and uploaded images of a pornographic nature.
|2013-097||WHID 2013-007: Phys.Org Hacked, serving up malware|
Phys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users that "this site may harm your computer."
|http://www.networkworld.com/article/2223853/microsoft-subnet/phys-org-hacked--serving-up-malware--google-blocks-site--but-bing-doesn-t.html||1/16/2013||Unknown||Unknown||Planting of Malware||Education|
|2013-096||WHID 2013-096: Hackers Disrupt Mexican Defense Ministry’s Website|
Hackers claimed a cyberattack on the Mexican defense ministry website on Jan. 16, posting a manifesto from the Zapatista rebel group for two hours.
|2013-095||WHID 2013-095: EMG website hacked by Red Army|
The webpage, http://news-eleven.com, of Eleven Media Group has today been hacked by Red Army (a combination of six different hacker groups namely Blink Hacker Group, Myanmar Hack3rs Unite4m, Myanmar Cyber Army, Black Hack Area, Myanmar Cyber Defence Army, and Cyber Vampire Team).
|2013-094||WHID 2013-094: Culture Ministry website hacked by "Bad Piggies"|
The official website of the Cultural Ministry was still off the air on Wednesday, as police continued to hunt for hackers who tampered with the website yesterday and again today.
|2015-046||WHID 2015-046: PhonCert Hacked||DB Dump||http://siph0n.net/exploits.php?id=3676||1/31/2015||SQL Injection||Improper Input Handling||Leakage of Information||Entertainment|
|2015-045||WHID 2015-045: Women's Resource Centre website hacked by people claiming to support Isis|
After the hacking last week, the umbrella body has been unable to restore its website to working order, and does not know why it has been targeted
|2015-044||WHID 2015-044: Website of Bulgaria's Energy Watchdog Hacked|
Hackers have taken down the website of DKEVR, the Bulgarian energy regulator. - See more at: http://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked#sthash.zKOcddf7.dpuf
|2015-043||WHID 2015-042: Higher Education Commission Pakistan Hacked||DB Dump||http://siph0n.net/exploits.php?id=3670||1/29/2015||SQL Injection||Improper Input Handling||Leakage of Information||Education|
|2013-089||WHID 2013-089: Some University of Washington websites hacked|
A group of University of Washington websites was hacked Thursday morning, and pages were replaced by an extremist message that promised death to Americans in Iraq.
|2013-088||WHID 2013-088: Top adult site xhamster victim of large malvertising campaign|
We are observing a particular large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month.
|https://blog.malwarebytes.org/exploits-2/2013/01/top-adult-site-xhamster-victim-of-large-malvertising-campaign/||1/27/2013||Unknown||Unknown||Planting of Malware||Adult|
|2013-087||WHID 2013-097: Taylor Swift hacked on Twitter and Instagram|
Taylor Swift may be the victim of a recent hack on both of her confirmed Twitter and Instagram accounts. The now-deleted tweets tag Twitter users @Veriuser and @Lizzard and encourages her fans to follow them.
|2015-042||WHID 2015-042: Rex Mundi dumps more data after another entity doesn’t pay extortion demands|
Last week, we hacked the servers of Temporis, allegedly France’s largest network of franchised temp work agencies (www.temporis-franchise.fr).
|http://www.databreaches.net/rex-mundi-dumps-more-data-after-another-entity-doesnt-pay-extortion-demands/||1/27/2015||SQL Injection||Improper Input Handling||Leakage of Information||Recruiting|
|2015-041||WHID 2015-041: Victor Valley College hit by computer security breach|
The entire Victor Valley College Information Technology Department has been placed on paid administrative leave while campus police and an outside company investigate a breach in security protocol, President Roger Wagner said Thursday.
|http://www.databreaches.net/ca-victor-valley-college-hit-by-computer-security-breach-entire-it-dept-put-on-leave/||1/31/2015||SQL Injection||Improper Input Handling||Leakage of Information||Education|
|2015-040||WHID 2015-040: oklahomacounty.org hacked||DB Dump on PasteBin||http://pastebin.com/0ekAGZWs||1/25/2015||SQL Injection||Improper Input Handling||Leakage of Information||Government|
|2013-083||WHID 2013-083: Malaysia Airlines website hacked by 'Cyber Caliphate'|
In a post on its Facebook account, the airline denied its internal servers, which contain passenger information, had been compromised. It said its Domain Name System (DNS) had instead been hijacked, with users redirected to the hackers' website.
|http://www.cnn.com/2013/01/25/asia/malaysia-airlines-website-hacked/||1/26/2013||DNS Hijacking||Insufficient Process Validation||Defacement||Transportation|
|2015-039||WHID 2015-039: ValidDumps.RU Full User Database Dump||DB Dump||http://siph0n.net/exploits.php?id=3668||1/22/2015||SQL Injection||Improper Input Handling||Leakage of Information||Hacker Site|
|2015-038||WHID 2015-038: FreshFiction DB Dumped||DB Dump on PasteBin||http://pastebin.com/ZGfRR7mL||1/24/2015||SQL Injection||Improper Input Handling||Leakage of Information||Media|
|2015-037||WHID 2015-037: Bitcoin news website Coinfire and its Twitter account hacked|
“Well, looks like the XPY supporters got what they wanted. They logged in to our domain registrar account and had our domain taken away from us,” he added.
|http://www.hackread.com/bitcoin-news-website-coinfire-website-twitter-hacked/||1/26/2015||DNS Hijacking||Insufficient Process Validation||Defacement||Media|
|2015-036||WHID 2015-036: Government of Nepal /Nepal Department of Transportation Hacked||DB Dump||http://siph0n.net/exploits.php?id=3665||1/19/2015||SQL Injection||Improper Input Handling||Leakage of Information||Government|
|2013-078||WHID 2013-078: Nigeria: DHQ Blogsite Hacked|
The Defence Headquarters (DHQ)' information blog site, defenceinfo.mil.ng, that was hacked into in the early hours of Friday, 23 January, 2013 has been restored to full operation.
|2015-035||WHID 2015-035: U. Chicago hacked|
It appears we should add the University of Chicago to schools hacked by Carbonic. And yes, chalk it up to another SQLi vulnerability.
|http://www.databreaches.net/u-chicago-hacked-by-teamcarbonic-claim/||1/24/2015||SQL Injection||Improper Input Handling||Leakage of Information||Education|
|2015-034||WHID 2015-034: Ghana government websites targeted by hackers|
The majority of the Ghanaian government's websites, including its main site, have been hacked and are currently offline.
|2015-033||WHID 2015-033: Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic Army|
Hackers from the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, broke into the Twitter account of Le Monde overnight, the newspaper confirmed on Wednesday.
|2013-074||WHID 2013-074: Russian Dating Site Topface Hacked for 20 Million User Names|
User names and e-mail addresses of 20 million visitors to a Russia-based online dating service have been hacked and offered for sale on a website, according to fraud-detection software-maker Easy Solutions Inc.
|http://www.bloomberg.com/news/articles/2013-01-25/hacker-steals-20-million-passwords-from-unidentified-dating-site||1/25/2013||SQL Injection||Improper Input Handling||Leakage of Information||Social|
|2015-032||WHID 2015-032: Alleged Islamic hackers target NZ websites|
At least two New Zealand websites have been hacked and defaced by a group calling themselves the 'Team Muslim Cyberforce'.
|2015-031||WHID 2015-031: Aussie Travel Cover hack exposes details of 770,000 customers|
A major data breach has hit one of Australia's leading travel insurers, exposing details of three quarters of a million policy holders. But while the hack occurred last year, customers have remained in the dark.
|http://www.cnet.com/au/news/aussie-travel-cover-hack-exposes-customer-details/||1/20/2015||SQL Injection||Improper Input Handling||Leakage of Information||Travel|
|2015-030||WHID 2015-030: philsacra.ust.edu.ph website hacked||DB dump||http://siph0n.net/exploits.php?id=3654||1/17/2015||SQL Injection||Improper Input Handling||Leakage of Information||Education|
|2013-070||WHID 2013-070: Govt sites hacked on eve of SC cybercrime hearing|
On the eve of the Supreme Court's hearing on the Anti-Cybercrime Act of 2012, hackers opposing the law defaced several government websites early Monday.
|2013-069||WHID 2013-089: Road Transport Corporation website hacked|
The official website of the Andhra Pradesh State Road Transport Corporation (APSRTC) was defaced by suspected hackers from Bangladesh on Sunday
|2015-029||WHID 2015-029: DDoS Attacks Slam Finnish Bank|
Police in Finland are investigating a series of distributed denial-of-service attacks against the country's OP Pohjola financial services group that have intermittently shut down online banking and direct debit services
|http://www.bankinfosecurity.com/ddos-attacks-slam-finnish-bank-a-7761||1/7/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Finance|
|2015-028||WHID 2015-028: PowerPulse website hacked||DB dumped||http://siph0n.net/exploits.php?id=3653||1/16/2015||SQL Injection||Improper Input Handling||Leakage of Information||Media|
|2015-027||WHID 2015-027: Virginia county website defaced with Islamic State message|
A Virginia county was the victim of a cyber attack where a group posted messages and videos praising ISIS, the rebel Islamic group that has leveled threats against the United States. - See more at: http://statescoop.com/virginia-county-website-defaced-islamic-state-messages/#sthash.C2MeEh4O.dpuf
|2015-026||WHID 2015-026: Grill parts website experiences system intrusion, payment card breach|
From January 2014 to October 2014, cardholder data was exposed on three separate occasions for various lengths of time due to a cyber attack against Barbecue Renew's web server.
|http://www.scmagazine.com/grill-parts-website-experiences-system-intrusion-payment-card-breach/article/394116/||1/23/2015||SQL Injection||Improper Input Handling||Leakage of Information||Retail|
|2013-064||WHID 2013-064: New York Post Confirms Twitter Accounts Were Hacked|
The New York Post said its Twitter account was hacked after messages were posted citing bogus breaking news about U.S. interest-rate policy and China firing missiles on a U.S. Navy ship.
|2013-063||WHID 2013-063: Lizard Lair Hacked|
Someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service.
|https://krebsonsecurity.com/2013/01/another-lizard-arrested-lizard-lair-hacked/||1/15/2013||SQL Injection||Improper Input Handling||Leakage of Information||Retail|
|2015-025||WHID 2015-025: Hacker breached Metropolitan State University database with personal info|
In a campuswide e-mail Friday, interim president Devinder Malhotra wrote that a computer hacker apparently got “unauthorized access” to the university database in mid-December, and that investigators are still trying to determine the scope of the data breach.
|http://www.databreaches.net/mn-hacker-breached-metropolitan-state-university-database-with-pe-rsonal-info/||1/16/2015||SQL Injection||Improper Input Handling||Leakage of Information||Education|
|2015-024||WHID 2015-024: FREE SYRIAN HACKERS HACKS OHIO CITY’S WEBSITE|
Free Syrian Hacker Dr.SHA6H hacked and defaced the official Ohio City Website of Perrysburg. He left a message to the defaced page with a message bashing the governments of the world for not solving the Syrian Crisis.
|2015-023||WHID 2015-023: 19,000 French websites hit by DDoS, defaced in wake of terror attack|
Since the three day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers, AP reports.
|http://www.net-security.org/secworld.php?id=17832||1/16/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Media|
|2015-022||WHID 2015-022: Aqua Marine Boat website hacked||DB dumped on PasteBin||http://pastebin.com/ApnT0YcX||1/13/2015||SQL Injection||Improper Input Handling||Leakage of Information||Retail|
|2015-021||WHID 2015-021: BigBlueInteractive Hacked||Zyklon dumpts DB||http://www.databreaches.net/and-then-i-stumbled-across-these-hacks-by-zyklon/||1/14/2015||SQL Injection||Improper Input Handling||Leakage of Information||Media|
|2015-020||WHID 2015-020: PasteBin DB Dump from lehlel.com|
lehlel.com was hacked and DB dumped
|http://pastebin.ca/2906107||1/14/2015||SQL Injection||Improper Input Handling||Leakage of Information||Social|
|2015-019||WHID 2015-019: Payment cards targeted in attack on pet supplies website|
Tennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.
|http://www.scmagazine.com/payment-cards-targeted-in-attack-on-pet-supplies-website/article/392821/||1/16/2015||Unknown||Unknown||Leakage of Information||Retail|
|2013-055||WHID 2013-055: Boomerang Rentals Issues Statement Following Alleged Security Breach|
UK-based Boomerang Rentals, a videogame rental service, issued a statement Monday, January 12th, following earlier allegations that customer information had been compromised.
|http://www.gamebrit.com/2013/01/12/boomerang-rentals-uk-issues-statement-following-alleged-hack-security-breach-game-rental/||1/12/2013||SQL Injection||Improper Input Handling||Leakage of Information||Gaming|
|2015-018||WHID 2015-018: Notepad++ Releases “Je suis Charlie” Edition, Website Gets Defaced|
The website of the open-source text editor Notepad++ has been defaced by an Islamist hacking group because the developer released a “Je suis Charlie” edition of the software.
|2013-053||WHID 2013-053: Crayola apologizes for Facebook page hack|
The Crayola Facebook page was posting things far more risqué than crayons this past weekend. Unknown hackers took control of the Crayola social media webpage and posted dozens of links to R-rated sites and sexual jokes.
|2015-017||WHID 2015-017: Thousands of American and United airlines accounts hacked, with thieves booking dozens of free trips|
The hackers stole usernames and passwords from a third party source and logged into thousands of accounts. The source of the leak is being investigated as the airlines work to pay back the hacked customers.
|http://www.nydailynews.com/news/national/thousands-american-united-airlines-accounts-hacked-article-1.2075162||1/12/2015||SQL Injection||Improper Input Handling||Leakage of Information||Transportation|
|2013-051||WHID 2013-051: CENTCOM Twitter account hacked, suspended|
The Twitter account for U.S. Central Command was suspended Monday after it was hacked by ISIS sympathizers -- but no classified information was obtained and no military networks were compromised, defense officials said.
|http://www.cnn.com/2013/01/12/politics/centcom-twitter-hacked-suspended/||1/12/2013||Brute Force||Insufficient Anti-Automation||Account Takeover||Social|
|2015-016||WHID 2015-016: Bundaberg Library website used as hacker's billboard|
POLICE are investigating after the Bundaberg Regional Libraries website was hacked by a Syrian activist.
|2013-049||WHID 2013-049: Anonymous claims first victim in 'Operation Charlie Hebdo'|
Hacking collective Anonymous declared war on Islamic extremists after Wednesday's deadly attack on Paris-based satirical newspaper Charlie Hebdo, and the group has now claimed its first victim.
|http://mashable.com/2013/01/10/anonymous-operation-charlie-hebdo/||1/10/2013||Denial of Service||Insufficient Anti-Automation||Downtime||Media|
|2015-015||WHID 2015-015: North Korean official news agency site serves malware|
Users who visited the site of the state-run North Korean news agency, to see the country’s response to the Sony hacking accusations or for other reasons, might want to scan their computers for malware.
|http://www.pcworld.com/article/2868436/north-korean-official-news-agency-site-serves-malware.html||1/13/2015||Unknown||Unknown||Planting of Malware||Media|
|2015-014||WHID 2015-014: Extratorrent Down After Huge DDoS Attack|
xtraTorrent, one of the largest torrent sites on the Internet, remains down following a huge DDoS attack. The site's operators are working hard to mitigate the assault and hope to have the site back online soon.
|https://torrentfreak.com/extratorrent-down-after-huge-ddos-attack-150112/||1/12/2015||Denial of Service||Insufficient Anti-Automation||Downtime||Data Sharing|
|2013-046||WHID 2013-046: Did you visit HuffPo last week? You might have a virus|
This past week, The Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.
|http://money.cnn.com/2013/01/08/technology/security/malvertising-huffington-post/||1/8/2013||Unknown||Unknown||Planting of Malware||Media|