Saudi Aramco Confirms Scope of Malware Attack

Officials at oil giant Saudi Aramco have confirmed that about 30,000 of the company’s workstations were hit by a malware attack on August 15, a number that lines up with claims made in posts on Pastebin by a group taking credit for the attack. The company said that while tens of thousands of machines were infected, its core oil production capabilities were not affected by the attack.

Woman Sentenced to 2.5 Years in Prison for ‘Cashing In’ on Hacking Scheme

A Nigerian woman this week was sentenced to 2 years, six months in a U.S. prison for taking part in “one of the most sophisticated and organized computer hacking and ATM cashout schemes ever perpetrated,” according to the FBI.

Sonya Martin, 45, was part of a hacking cell that used sophisticated techniques to break the encryption used by payment processor WorldPay US to protect some 1.5 million worldwide customers’ payroll debit card accounts. Employers used the debit cards to pay workers instead of issuing paper checks.

Aramco Threatened With New Attack

Attackers are threatening to launch a second assault on Saudi Aramco on Saturday in order to prove its abilities and the fact that it’s not relying on help from an Aramco insider. The first attack on the oil company occurred last week and resulted in the company taking its Web sites offline, saying that it had been hit by a malware infection on some of its workstations.

A more than three-month old intrusion into networks at the University of South Carolina may have compromised the personal information of some 34,000 individuals associated with the school’s College of Education.

While researchers continue to dig into the Shamoon malware, looking for its origins and a complete understanding of its capabilities, a group calling itself the Cutting Sword of Justice is claiming responsibility for an attack on the massive Saudi oil company Aramco, which some experts believe employed Shamoon to destroy data on thousands of machines. 

Web administrators using the popular Wordpress platform should heed the cautionary tale of microprocessor maker AMD and make sure they update their Web sites to secure vulnerabilities.

The company site was hacked over the weekend by someone called “r00tbeer” said to be part of a small enclave called r00tBeer Security Team. The bounty: 189 accounts in a SQL database that amounted to 32kb of data. The leaked information included usernames, email addresses and salted passwords of AMD employees and public relations personnel.

There is a new attack campaign that’s targeting dissidents in Syria by enticing them to install an alleged security tool called AntiHacker, but instead installs the infamous DarkComet remote access tool that has the ability to log keystrokes, capture webcam images and take other surreptitious actions. 

The controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack.

The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters’ sites.

One of the more pernicious and as-yet incurable diseases in security is the resistance to sharing data. Organizations large and small collect all sorts of information on attacks, vulnerabilities and threats and, for the most part, it simply sits in databases and is never of any use to anyone outside of the organization. But there’s an effort underway at the Georgia Tech Research Institute to change that through the use of a new information-gathering and analysis system called Titan.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.