Brace for “Shellshock” – 25-year-old Vulnerability is Set to Detonate Against Global Webservers
Posted: Friday, September 26, 2014 11:04 PM by Bob Hansmann
Like an unexploded artillery shell lying dormant for decades, a highly dangerous vulnerability affecting widespread operating system code developed in the 1980s has placed website operators and security professionals around the world on high alert...   Read more >
CVE-2014-6271 - Remote 'Shellshock' Vulnerability in Bash
Posted: Thursday, September 25, 2014 9:30 AM by ngriffin
CVE-2014-6271 Overview A vulnerability present in Bash up to version 4.3 has been found by Stephane Chazelas. Bash is a shell program found in a range of Unix-based operating systems such as Linux and Mac OS X - a very large population of affected systems...   Read more >
Ongoing Targeted Attacks Continue to Plague Healthcare
Posted: Friday, September 12, 2014 9:00 AM by AToro
Websense® ThreatSeeker® Intelligence Cloud has detected a phishing campaign that targets the Healthcare sector--especially hospitals--phishing for Outlook credentials. This campaign is part of an ongoing trend of campaigns phishing for credentials...   Read more >
Celebrity Photo Data Hack: Lessons for Businesses and Consumers
Posted: Thursday, September 04, 2014 10:52 PM by Charisse Castagnoli
If you're a fan of Jennifer Lawrence, Kirsten Dunst, Kate Upton and others, you may be aware that some of their sensitive personal photos were apparently leaked online over the weekend. These photographs were allegedly obtained through a brute force...   Read more >
Kelihos Botnet Trying to Expand by Harnessing Russian National Sentiments
Posted: Friday, August 22, 2014 2:40 PM by Ran Mosessco
Websense® Security Labs™ has come across an interesting campaign, targeting Russian nationals, trying to lure them to download and run executables on their computers, under the guise of attacking Western government websites. This is presented...   Read more >
Black Hat Takeaways, API Security Roundtable: Lessons Learned in API Security
Posted: Wednesday, August 20, 2014 7:35 PM by Charisse Castagnoli
At Black Hat, Zane Lackey (Signals Sciences, Internet Bug Bounty Program) led a well-attended discussion about the need to be more thoughtful in our design and implementation of APIs. Externalized APIs are enabling new information sharing paradigms...   Read more >
4.5 Million Customer Data Records Stolen from US Hospitals
Posted: Tuesday, August 19, 2014 3:05 AM by Tamas Rudnai
4.5 million sensitive patient data records have been exfiltrated by a Chinese hacker group, according to a report made on Monday by the US Securities and Exchange Commission. The data includes names, addresses, phone numbers, and Social Security Numbers...   Read more >
Websense Launches Innovative Marketplace to Rapidly Deliver Advanced Cyber Security Value and Address Security Skills Shortage
Posted: Thursday, August 14, 2014 1:05 PM by Adam Bennett
Websense expands best-in-class, cost-effective security services options for customers and partners. AUSTIN, August 14, 2014 - Websense, Inc., the global leader in protecting organizations from the latest cyber attacks and data theft, today announced the...   Read more >
Time to Refresh? Global Survey Raises Concerns over Security
Posted: Monday, August 11, 2014 2:20 AM by Neil Thacker
The last thing you want to hear is that a critical security countermeasure is not fit for purpose, but that is precisely what a significant number of security professionals are saying, in the second instalment of findings from Ponemon Institute's...   Read more >
1.2 Billion Passwords Accumulated by CyberVor Cybercriminals
Posted: Thursday, August 07, 2014 5:26 PM by Carl Leonard
Websense® Security Labs™ has seen reports that a small group of cybercriminals, dubbed CyberVor, has amassed a total of 4.5 billion records. These records pertain to a reported quantity of 1.2 billion unique username and password combinations...   Read more >
"BackOff" POS High Level Analysis: Exposing Additional Sensitive Targets and Additional Toolkits in The Cyber Criminal Arsenal
Posted: Wednesday, August 06, 2014 7:00 AM by Elad Sharf
Websense® Security Labs™ has received reports about the new "Point Of Sale" malware dubbed "BackOff" as published by The US Homeland Security office. We have decided to explore the activity through ThreatSeeker® Intelligence...   Read more >
METRO.US Website Compromised to Serve Malicious Code
Posted: Tuesday, July 22, 2014 4:18 PM by Ran Mosessco
Websense® ThreatSeeker® Intelligence Cloud has detected that the U.S. version of the Metro International website ( has been compromised and is serving malicious code. Metro newspaper editions are distributed in high-traffic commuter zones...   Read more >
The Bitly API key and MSNBC unvalidated redirects
Posted: Monday, July 21, 2014 8:00 AM by Pietro Bempos
Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is, which belongs to the well-known cable and satellite channel MSNBC. We have...   Read more >
Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity
Posted: Thursday, July 17, 2014 8:05 AM by Adam Bennett
AUSTIN, July 17, 2014 - Today, Websense, Inc. released new findings from the global Ponemon Institute survey, “Roadblocks, Refresh, & Raising the Human Security IQ,” which uncovered the communication challenges between IT security professionals...   Read more >
Zeus PIF - The evolving strain looking to defeat your security software
Posted: Monday, July 07, 2014 2:34 PM by Elad Sharf
Websense Security Labs™ have identified a Zeus strain that implements information stealing procedures that appear to be an evolution of the 'DNA' of previous emerging Zeus variants. The Zeus variants in the campaign we're about to describe...   Read more >
Latest Gartner Magic Quadrant for Secure Web Gateways Recognizes Websense as a Leader for Fifth Time
Posted: Monday, July 07, 2014 1:05 PM by Adam Bennett
Independent analysis recognizes Websense and TRITON solutions for completeness of vision and ability to execute. SAN DIEGO, July 7, 2014 - Websense, Inc., a global leader in protecting organizations from advanced cyber attacks and data theft, today announced...   Read more >
Dragonfly's Attacks Against Energy Suppliers - Are You Protected?
Posted: Monday, July 07, 2014 10:47 AM by Carl Leonard
Dragonfly, a group of attackers making headlines recently, has been conducting a malicious campaign targeting the energy sector and industrial control systems (ICS). While the attack vectors in use are common, the group's compromise of update sites...   Read more >
Demystifying NIST – Part 3 – The Future
Posted: Wednesday, July 02, 2014 10:57 AM by Lamont Orange
In the field, I hear a lot of questions about why the NIST framework is particularly more effective than other standards and if it's designed to protect against future threats. The answer to both questions is "yes." Q. How do other current...   Read more >
Demystifying NIST – Part 2 – Implementation
Posted: Tuesday, July 01, 2014 10:00 AM by Lamont Orange
During my last blog post on NIST, I discussed the impact the framework will have on business, specific industries and critical infrastructure. Let's now discuss how businesses can use it to drive business processes. Through the introduction of the...   Read more >
Demystifying NIST – What the New Cybersecurity Framework Means to You
Posted: Tuesday, June 24, 2014 10:00 AM by Lamont Orange
In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The order called for the development of a voluntary, risk-based Cybersecurity Framework - a set of existing standards, guidelines and practices...   Read more >