Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

What’s HOT in Application Security Vol #37

Hacktivists reach a new level of cyber terror in Israel

Since the outbreak of hostilities between Gaza and Israel, several Israeli companies as well as those doing business with them have absorbed quite a few cyber attacks. According to various sources, 44 million attacks have been prevented since rockets began falling.

Groupon’s Israeli site was also briefly brought down by a hacking attack originating from Pakistan. Groupon described it as a ‘light attack’ on the US servers that host the website, but stressed that it did not affect the data servers where user information is stored, which are located in Germany. Visitors to the site were greeted with a tirade against Jews on the homepage on November 20th (see screen shot). The problem has since been fixed. For more information: Pro-Palestinian Hackers shut down Groupon Israeli site

“Anonymous,” a hacktivist group, has claimed to have hacked into 650 Israeli websites in response to Israel’s threat to cut off Internet access to the Gaza strip. Israel’s finance minister Yuval Steinitz admitted the attacks were being made, but said only one was successful to the point of bringing a site down, and that site was brought back up within minutes. However, the group claims to have done much more damage. Among their claims are deleting the database of the Bank of Jerusalem and Ministry of Foreign Affairs; downing Israel’s MSN and defacing; and taking the websites for the IDF, Mastercard and Bing offline. For more information: Hackers declare ‘cyber war’ on Israel after IDF threatens to cut off internet in Gaza.

Olark suffers an embarrassing DDoS Attack

Olark, a Silicon Valley startup that enables e-commerce stores to monitor and interact with their customers while shopping online, reported a distributed denial-of-service (DDoS) attack on its servers last week on November 12, with service being affected from 1pm until 2:34pm. The company has upgraded its servers to propagate changes every 5 minutes instead of every 24 hours, and plans to seek third-party solutions to filter out DDoS traffic in the future. Service was restored at 2:34pm on November 13. For more information: Olark slowed from distributed denial of service attack

Adobe database hacked and personal information available to the public

Adobe has also confirmed an attack on one of its databases resulting in 150,000 emails and passwords being dumped to the public. The hacker, who goes by the code name ViruS_HimA, says that he exploited a breach using a SQL injection flaw. The affected site was taken offline temporarily. The attack, however, was not malicious, as the hacker intended to check Adobe’s security to see how effective it was. “I just want to be clear that I’m not going against Adobe or any other company,” he said.

He continued, “I just want to see the biggest vendors safer than this. Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don’t such companies take the right security procedures to protect their customers and even themselves?”
The hacker warned Yahoo that he’d be testing their security next. For more information: Adobe Hacker Says He Used SQL Injection To Grab Database Of 150,000 User Accounts
