NEWS - August 23, 2012

Aug 23, 2012 6:06AM PDT
LulzSec informant Sabu rewarded with six months freedom for helping Feds

Federal authorities in the United States have won a six-month delay in sentencing for the notorious LulzSec hacker known as "Sabu," citing the New York City man's continued cooperation with law enforcement.

A court document filed Tuesday in the US District Court and signed by Assistant US Attorney James Pastore, Jr. asks the government to adjourn scheduled sentencing for the 28-year-old Hector Xavier Monsegur for six months "in light of the defendant's ongoing cooperation with the Government."

Monsegur approved of the request, which was signed by his attorneys. His sentencing is now scheduled for February 22, 2013, according to the document.

Federal authorities arrested Monsegur at his apartment in a New York City public housing project on June 7, 2011 following a lengthy investigation of a string of attacks dubbed "Operation Payback" against Visa, MasterCard and PayPal.

Continued : http://nakedsecurity.sophos.com/2012/08/23/sabu-lulzsec-freedom/

Also:
LulzSec hacker 'Sabu' gets six-month sentencing delay
Sabu gets six months of freedom in exchange for cooperation
Former LulzSec Leader Gets Six Months Of Freedom

Google to Develop a Red Team to Address Privacy Issues
Aug 23, 2012 6:07AM PDT

Google is looking to go proactive on privacy issues. The search giant recently posted a job listing for a data privacy engineer to work within their Privacy Red Team. The listing is notable, given that Google settled a privacy case with the FTC last week to the tune of $22.5 million.

A data privacy engineer will "help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users," the job posting explains.

Specifically, the posting continues, the candidate will work as a member of Google's internal Privacy Red Team. The prospective employee will "independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today."

"Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual, and emergent security flaws," the posting says.

Continued : http://www.securityweek.com/google-develop-red-team-address-privacy-issues

Also:
Google Privacy 'Red Team' Formed To Avoid Future Gaffes
Google instituting internal Privacy Red Team
Google Building Privacy Red Team

Another backdoor in networking hardware for industrial systems
Aug 23, 2012 7:07AM PDT

Security researcher Justin W. Clarke reports that all systems based on the proprietary Rugged OS use a hard-coded private RSA key to encrypt their secure SSL connections. As recently as April, the same researcher discovered undocumented backdoors in devices from Siemens subsidiary RuggedCom that are mainly used in power plants, in military environments and in traffic control.

The private key would allow intruders to intercept network traffic that is protected via SSL. The ICS-CERT, which specialises in industrial control systems, has now released an alert (PDF) to inform the operators of critical infrastructure components of this potential danger. The ICS-CERT says that it is working with the developers and the security researcher to "identify mitigations". It seems that the researcher didn't want to repeat his previous effort this time - last time, Clarke notified the Canadian company of the security holes in a confidential report, but the company didn't fix them for over a year.

Continued : http://www.h-online.com/security/news/item/Another-backdoor-in-networking-hardware-for-industrial-systems-1673487.html

Also:
Private crypto key in mission-critical hardware menaces electric grids
ICS-CERT Warns of SSL Security Flaw in RuggedCom Industrial Networking Devices
RuggedCom Devices Have Hard-Coded SSL Keys
DHS Warns of SSL Traffic Interception Flaw in ROS-Based Devices
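
A defender's check in the spirit of this report, added here as an example and not code from the article or from RuggedCom: given certificates exported from several devices, compare their public-key fingerprints to find one key shared across units (assumes the openssl CLI; the device names and keys are constructed).

```shell
#!/bin/sh
# Added example (not from the article or RuggedCom): flag device certificates
# that share one SubjectPublicKeyInfo, the signature of a hard-coded key.
# Assumes the openssl CLI; device names and keys below are constructed.
set -e
work="$(mktemp -d)"

# Constructed inventory: two "devices" shipped with the same key, one with its own.
openssl genrsa -out "$work/shared.key" 2048 2>/dev/null
openssl genrsa -out "$work/unique.key" 2048 2>/dev/null
openssl req -x509 -new -key "$work/shared.key" -days 1 \
  -subj "/CN=switch-a.example" -out "$work/switch-a.pem" 2>/dev/null
openssl req -x509 -new -key "$work/shared.key" -days 1 \
  -subj "/CN=switch-b.example" -out "$work/switch-b.pem" 2>/dev/null
openssl req -x509 -new -key "$work/unique.key" -days 1 \
  -subj "/CN=switch-c.example" -out "$work/switch-c.pem" 2>/dev/null

# SHA-256 over the DER SubjectPublicKeyInfo: identical across certificates
# exactly when the key is identical, whatever the subject, serial or validity.
spki_fp() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -r | awk '{print $1}'
}

# Prints one line per fingerprint seen in more than one certificate:
# "<fingerprint> <file> <file>..."; no output means no shared keys.
shared_keys() {
  for f in "$@"; do
    printf '%s %s\n' "$(spki_fp "$f")" "$f"
  done | sort | awk '{ n[$1]++; files[$1] = files[$1] " " $2 }
                      END { for (k in n) if (n[k] > 1) print k files[k] }'
}

shared_keys "$work"/switch-*.pem
```

Run against certificates pulled from a fleet of units, a single fingerprint covering every device is the symptom described above; the expected result is one distinct key per device.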
Aramco Threatened With New Attack
Aug 23, 2012 7:07AM PDT

Attackers are threatening to launch a second assault on Saudi Aramco on Saturday in order to prove its abilities and the fact that it's not relying on help from an Aramco insider. The first attack on the oil company occurred last week and resulted in the company taking its Web sites offline, saying that it had been hit by a malware infection on some of its workstations.

The warning of the upcoming attack was posted on Pastebin Thursday, saying that the attack is the result of the "arrogance" and "brutality" of Aramco, a massive oil producer in Saudi Arabia.

"What we're going to do to prove our ability to do more? well, we don't really need or even feel like proving anything to anyone and show them that we can, but here is a headline story: we are going to make it, next week, once again, and you will not be able by 1% to stop us," the group said in its post.

The original attack on Aramco began on August 15 and while the details are murky, the company's Web sites have been offline for more than a week. Aramco officials said that the attack affected a few of the company's workstations and that no critical systems were hit. However, the group that claimed responsibility for the attack, which included a malware infection as well as a subsequent DDoS attack on the Web sites, claimed to have destroyed data on thousands of machines.

Continued : https://threatpost.com/en_us/blogs/aramco-threatened-new-attack-082312

Also: Aramco hackers threaten to attack oil giant again

Benefits of your Blackberry ID in this attached malware
Aug 23, 2012 7:07AM PDT

From Websense Security Labs Blog:

Websense ThreatSeeker Network intercepted a malware campaign targeting Blackberry customers. These fake emails state that the recipient has successfully created a Blackberry ID. The messages then continue, "To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file." That, of course, is an attempt to lure victims into running the attached malware.

The malicious email itself is a copy and paste of a legitimate email from Blackberry. And though the attachment indeed raises suspicion, there's no malicious or compromised URL in it. 17/36 AV engines identify the malware in VirusTotal.

ThreatScope analysis, which is a part of the Websense CSI service, reports that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.

Continued : http://community.websense.com/blogs/securitylabs/archive/2012/08/22/benefits-of-your-blackberry-id-in-this-attached-malware.aspx

New Crisis/MORCUT Malware Mounts in Virtual Machines
Aug 23, 2012 7:07AM PDT

From the TrendLabs Malware Blog:

We were alerted to reports of a Crisis/MORCUT malware that supposedly spreads on VMware virtual machines. Our previous post about Crisis/MORCUT cites that it is a backdoor found to specifically target Mac OSX systems. This time around, the Crisis/MORCUT we have on our hands runs in Windows, and interestingly, mounts on virtual disks.

Currently, arrival for this variant is still to be determined, though it might have started from the downloading of a malicious Java applet (detected as JAVA_AGENT.NTW). The Java applet is packaged with two files: mac - the backdoor OSX_MORCUT.A, and win - a worm detected as WORM_MORCUT.A. The win file is executed in a Windows operating system. This file then drops the following component files:

Continued : http://blog.trendmicro.com/new-crisismorcut-malware-mounts-in-virtual-machines/

Gauss-pursuing researcher trips over Kaspersky-operated sink
Aug 23, 2012 8:05AM PDT

"Previous research about change in Gauss command server proves wrong."

Because of incorrect research contained in the original report, this article previously misidentified a command and control server that was being accessed by computers infected by the Gauss espionage malware. Contrary to that report, the server is operated by researchers with antivirus provider Kaspersky Lab. Such "sinkholes" are used to disrupt computer botnets by preventing infected machines from reporting to malicious servers under the control of the malware operator.

Shortly after this article was published, Kaspersky Chief Security Expert Alexander Gostev issued the following statement:

'After discovering Gauss we started the process of working with several organizations to investigate the C2 servers with sinkholes. Given Flame's connection with Gauss, the sinkhole process was being organized to monitor both the Flame and Gauss' C2 infrastructures. It's important to note that the Gauss C2 infrastructure is completely different than Flame's. The Gauss C2s were shut down in July by its operators and the servers have been in a dormant state by the operators since then. However, we wanted to monitor any activity on both C2 infrastructures.....'

Continued : http://arstechnica.com/security/2012/08/gauss-espionage-malware-phones-home-to-same-servers-as-iran-targeting-flame/