The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Insiders assisted the hackers to breach Saudi Aramco

Insiders assisted the hackers to breach Saudi Aramco

One or more insiders with high-level access are suspected to help hackers who infected about 30 thousands computers of the oil company Saudi Aramco in Saudi Arabia. It is reported by Reuters, citing sources familiar with the company's internal investigation.

The attack was carried out with the help of Shamoon - virus, which was distributed to the company’s intranet and deleted all the data from computers hard drives. According to the Saudi Aramco, the virus damaged only office computers and did not get to the software systems responsible for technical operations.

Hackers from the group The Cutting Sword of Justice claimed responsibility for the attack on the oil company. Members of the group denied the information about the insiders help, and claimed that they stole some confidential information from the company and promised to publish it. However, so far no sensitive data of a major oil company has been published.

Saudi Aramco declined to comment on the given information saying: “Saudi Aramco doesn't comment on rumors and conjectures amidst an ongoing probe.”

Hackers responsible for the attack said that the motives of oil company breach were exclusively political. Attackers have stated that Saudi Aramco is the main source of income of the Government of Saudi Arabia involved in "crimes and atrocities" in Syria and Bahrain.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015