METRO.US Website Compromised to Serve Malicious Code
Posted: Tuesday, July 22, 2014 4:18 PM by Ran Mosessco
Websense® ThreatSeeker® Intelligence Cloud has detected that the U.S. version of the Metro International website ( has been compromised and is serving malicious code. Metro newspaper editions are distributed in high-traffic commuter zones...   Read more >
The Bitly API key and MSNBC unvalidated redirects
Posted: Monday, July 21, 2014 8:00 AM by Pietro Bempos
Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is, which belongs to the well-known cable and satellite channel MSNBC. We have...   Read more >
Filed under: , ,
Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity
Posted: Thursday, July 17, 2014 8:05 AM by Adam Bennett
AUSTIN , July 17, 2014 - Today, Websense, Inc. released new findings from the global Ponemon Institute survey, “Roadblocks, Refresh, & Raising the Human Security IQ,” which uncovered the communication challenges between IT security professionals...   Read more >
Zeus PIF - The evolving strain looking to defeat your security software
Posted: Monday, July 07, 2014 2:34 PM by Elad Sharf
Websense Security Labs™ have identified a Zeus strain that implements information stealing procedures that appear to be an evolution of the 'DNA' of previous emerging Zeus variants. The Zeus variants in the campaign we're about to describe...   Read more >
Latest Gartner Magic Quadrant for Secure Web Gateways Recognizes Websense as a Leader for Fifth Time
Posted: Monday, July 07, 2014 1:05 PM by Adam Bennett
Independent analysis recognizes Websense and TRITON solutions for completeness of vision and ability to execute SAN DIEGO , July 7, 2014 - Websense, Inc. , a global leader in protecting organizations from advanced cyber attacks and data theft, today announced...   Read more >
Dragonfly's Attacks Against Energy Suppliers - Are You Protected?
Posted: Monday, July 07, 2014 10:47 AM by Carl Leonard
Dragonfly, a group of attackers making headlines recently , has been conducting a malicious campaign targeting the energy sector and industrial control systems (ICS). While the attack vectors in use are common, the group's compromise of update sites...   Read more >
Demystifying NIST – Part 3 – The Future
Posted: Wednesday, July 02, 2014 10:57 AM by Lamont Orange
In the field, I hear a lot of questions about why the NIST framework is particularly more effective than other standards and if it's designed to protect against future threats. The answer to both questions is "yes." Q. How do other current...   Read more >
Demystifying NIST – Part 2 – Implementation
Posted: Tuesday, July 01, 2014 10:00 AM by Lamont Orange
During my last blog post on NIST , I discussed the impact the framework will have on business, specific industries and critical infrastructure. Let's now discuss how businesses can it use to drive business processes. Through the introduction of the...   Read more >
Demystifying NIST – What the New Cybersecurity Framework Means to You
Posted: Tuesday, June 24, 2014 10:00 AM by Lamont Orange
In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The order called for the development of a voluntary, risk-based Cybersecurity Framework - a set of existing standards, guidelines and practices...   Read more >
The official website of AskMen is compromised to serve malicious code
Posted: Monday, June 23, 2014 2:55 PM by AToro
Websense® ThreatSeeker® Intelligence Cloud has detected that the official website of AskMen (at ), a popular free online men's web portal , has been compromised and injected with malicious "drive by" code that appears...   Read more >
Zberp - is there anything to fear?
Posted: Thursday, June 19, 2014 10:31 AM by ngriffin
Websense Security Labs™ see a lot of new malware names on a daily basis. Some are brand new and unique, and others are spin-off variants of well known malware. Recently the name 'Zberp' appeared in the media, with reports suggesting it combines...   Read more >
Filed under: , , , ,
Putting Cyber Criminals on Notice: Watch Your Flank
Posted: Thursday, June 12, 2014 8:45 AM by AToro
In their rush to exploit users, hackers have littered their own creations with easily exploitable vulnerabilities. They're learning that it's not so easy to write secure code. In fact, most of us in the business of securing our applications and...   Read more >
Zeus GameOver
Posted: Tuesday, June 03, 2014 5:36 PM by ngriffin
Zeus is a malware family that we encounter frequently, due to its popularity with cyber-criminal groups. Ever since the Zeus source code was leaked in 2011, there have been many new variants. One such variant is dubbed ‘GameOver’, which recently...   Read more >
A New Global Survey to Start Cybersecurity Conversations
Posted: Tuesday, May 06, 2014 10:27 PM by Jeff Debrosse
Websense recently worked with the Ponemon Institute to uncover the attitudes and opinions of security professionals worldwide—specifically regarding the current state of enterprise security. As a security researcher, I wanted to provide my interpretation...   Read more >
TechNewsWorld: Security Pros Struggle With Cyberthreat Angst
Posted: Tuesday, May 06, 2014 8:21 PM by Patricia Hogan
"As the volume and sophistication of cyberattacks increase, system defenders in the trenches are losing confidence in their ability to protect their organizations' information assets, suggests a survey released last week by Websense and the Ponemon...   Read more >
IE Zero-Day Patch on the Way
Posted: Thursday, May 01, 2014 7:01 PM by Charles Renert
A quick note on CVE-2014-1776 — Microsoft will have a patch out tonight. Especially noteworthy is the decision to patch Windows XP. Good call. Beyond the proactive security provided at all other stages of the threat lifecycle, we've added protection...   Read more >
eWeek: Data Theft a Major Concern for Organization
Posted: Thursday, May 01, 2014 5:29 PM by Patricia Hogan
"Companies lack the tools and intelligence to protect critical information, and there exists a critical deficit of security solution effectiveness, a disconnect in company executives’ perceived value of data and limited visibility into attack...   Read more >
Global Study Finds 63 Percent of Organizations Believe They Can't Stop Data Theft
Posted: Tuesday, April 29, 2014 1:05 PM by News Release Archive
New Ponemon Institute survey suggests key cybersecurity deficits, disconnects and low attack visibility SAN DIEGO , April 29, 2014 /PRNewswire/ -- Today, Websense , Inc. released the first report of the Ponemon Institute survey, "Exposing the Cybersecurity...   Read more >
A Look at CVE-2014-1776 via Windows Crash Reports
Posted: Monday, April 28, 2014 10:42 PM by AlexWatson
Overview Through analyzing Windows Error Reports (a.k.a. Dr. Watson logs), we have identified two possible vulnerabilities (anomalous crashes) in VGX.DLL that may be linked to MSIE 0-day CVE-2014-1776. We have seen a significant spike in crashes of Internet...   Read more >
Microsoft Internet Explorer Zero-day - CVE-2014-1776
Posted: Monday, April 28, 2014 9:00 AM by AToro
A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 6 through 11. However, current reported attacks are targeting only Internet Explorer 9 through 11. The vulnerability allows attackers to remotely execute arbitrary...   Read more >
More News & Views...