WHID 2011-109: PCS Union website downed by ideological DDoS

Entry Title: WHID 2011-109: PCS Union website downed by ideological DDoS
WHID ID: 2011-109
Date Occurred: May 17, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Politics
Attacked Entity Geography:
Incident Description: The prominent Public and Commercial and Services union
(PCS) is struggling to get its website back online after being hit by a huge
DDoS attack nearly a week ago.
Government aside, sustained attacks against websites with a political theme
are extremely rare in UK, and what has befallen the PCS ­ whose members
include large numbers of public sector and government workers - could rank
as the first time the country has seen a large-scale ideological attack of
this kind.
Starting on 11 May, the union¹s website was hit by traffic 1,000 times its
normal level, taking the site down. As of 16 May, the site is still
unavailable beyond a static homepage that announces the problem, with a fix
unlikely for at least a day or two.
Mass Attack: No
Reference:
http://www.computerworlduk.com/news/public-sector/3280224/pcs-union-website-
downed-by-ideological-ddos/
Attack Source Geography:

WHID 2011-111: Hacker steals customer data from small brokerage

Entry Title: WHID 2011-111: Hacker steals customer data from small brokerage
WHID ID: 2011-111
Date Occurred: May 19, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Finance
Attacked Entity Geography: Seoul, South Korea
Incident Description: An unidentified hacker has broken into the computer
system of a small South Korean brokerage house to steal the firm's customer
data, the financial regulator said Thursday, adding concerns over financial
firms' computer security maintenance.
The Financial Supervisory Service (FSS) said the hacker infiltrated the
computer server of Leading Investment & Securities Co. and stole 12,000
customers' personal data last week. The stolen data includes their names,
social security numbers, addresses and phone numbers, it said.
Mass Attack: No
Reference:
http://english.yonhapnews.co.kr/business/2011/05/19/85/0503000000AEN20110519
004500320F.HTML
Attack Source Geography:

WHID 2011-112: Hackers breach Sony's password reset system

Entry Title: WHID 2011-112: Hackers breach Sony's password reset system
WHID ID: 2011-112
Date Occurred: May 19, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Password Recovery
Outcome: Account Takeover
Attacked Entity Field: Entertainment
Attacked Entity Geography: Japan
Incident Description: Sony's PlayStation Network is under fire again, with a
new security breach hitting the beleaguered company.
Just days after the network was resurrected following a massive data breach,
there is mounting evidence that hackers have circumvented protections put in
place via a password reset page.
According to the Nyleveia gaming website, hackers have discovered an exploit
that allows them to change user passwords using only a PlayStation Network
account email and date of birth - information which could have been
harvested during the recent attack.
Mass Attack: No
Reference:
http://www.pcauthority.com.au/News/257912,hackers-breach-sonys-password-rese
t-system.aspx
Attack Source Geography: