Websense 2015 Threat Report: Top Takeaways for the C-Suite
Posted: Wednesday, April 15, 2015 4:34 PM by Neil Thacker
Last week, Websense released its 2015 Threat Report. This year’s report dives into how existing tools, not technical expertise, are being increasingly used to infiltrate and navigate networks. Rather than reinvent the wheel, or in this case the...   Read more >
Shellshock - Not a Can of Worms if You Patch
Posted: Tuesday, April 14, 2015 8:40 AM by AToro
In information security, 2014 will undoubtedly remain infamous for at least two vulnerabilities that affected the vast majority of the Internet infrastructure and users: Heartbleed and Shellshock . While most system administrators scrambled to apply patches...   Read more >
"Redirect To SMB" Technique Re-Exposes 18-Year-Old Vulnerability
Posted: Monday, April 13, 2015 11:30 AM by Carl Leonard
The Websense Security Labs™ team is aware of a recent discovery that provides attackers with the potential to intercept sensitive user credentials (username, domain, and hashed password). The attack relies on an end user being directed to, and authenticating...   Read more >
Websense 2015 Threat Report: Cybercrime Gets Easier, Attribution Gets Harder, Quality over Quantity and Old becomes the New
Posted: Wednesday, April 8, 2015 8:05 AM by Susan Helmick
New report examines eight trends that pose significant data theft risks for organizations AUSTIN, Texas—April 8, 2015 — Websense , Inc. a global leader in protecting organizations from the latest cyber attacks and data theft, today released...   Read more >
Websense Security Labs Publishes 2015 Threat Report
Posted: Wednesday, April 8, 2015 5:40 AM by Carl Leonard
The Websense® Security Labs™ team has produced our annual Threat Report, the must-read analysis of what’s really happening in the cyber landscape. The human and technical aspects of cyber threats changed dramatically in 2014. We saw new...   Read more >
Filed under:
Over-indulgence in the Easter Eggsploit Kit
Posted: Monday, April 6, 2015 12:00 PM by Jose Barajas
Photography by User: MrX As Peter Cottontail went hippity-hoppin’ down the bunny trail this past Easter weekend, he found it strewn with a different kind of Easter egg: the Fiesta exploit kit, hidden in insidious fashion among the downloadable coloring...   Read more >
Assertiveness is a valuable quality for the C-Level and cyber crooks alike
Posted: Monday, March 30, 2015 1:00 PM by Jose Barajas
Beware, spear-phishing is striking again - Websense Security Labs has become aware of recent spear-phishing attempts utilizing what appear to be forwarded legitimate email messages and a typo-squatted domain. If these targeted attempts are successful...   Read more >
Shopping for a DLP Solution? Ask Yourself These Five Questions First
Posted: Monday, March 23, 2015 5:36 PM by Websense Technical Marketing
“We will never be 100 percent successful in keeping people out of our systems.” So said Dr. Charles Romine, Director of the Information Technology Laboratory, at the U.S. Department of Commerce in remarks to a Senate Committee just days before...   Read more >
RESEARCH: Penalties, Punishment & Prison for Serious Data Breaches say e-Crime Congress Respondents
Posted: Monday, March 23, 2015 3:43 PM by Susan Helmick
Reasons for companies not taking action against data theft include cyber security skills shortage, lack of prioritization & doing the minimum required for legal compliance AUSTIN, Texas —March 23, 2015 — Websense , Inc. a global leader...   Read more >
SSL - a FREAKishly long existence
Posted: Wednesday, March 4, 2015 2:00 AM by Tamas Rudnai

SSL, widely adopted and living on borrowed time, has clearly had a rough year. After Heartbleed, Poodle, and many other high-profile vulnerabilities comes FREAK (Factoring attack on RSA-EXPORT Keys), which at the time of publication of this blog breaks approximately 36% of all sites trusted by browsers as per this link including websites belonging to the NSA and FBI. About 12% of high ranked Alexa websites are also believed to be vulnerable to the flaw at this time, thereby placing visitors to these sites at high risk.


Exposure and Impact


The vulnerability, discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team allows an active attacker to perform a man-in-the-middle attack by downgrading the encrypted connection between a vulnerable client and a server that accepts export-grade RSA keys to 512-bits. The captured key can then be factored using the public cloud in a matter of hours and further be used for decryption of communication between the client and the server. Once the key has been compromised, all personal information including passwords, financial data, etc. is at risk.

...   Read more >
Filed under: , , ,
Websense Selected as Reader Trust Finalist in Three Categories for SC Awards 2015
Posted: Wednesday, February 25, 2015 11:35 PM by Susan Helmick
TRITON® APX acknowledged for Data Leakage Prevention, Email Security, and Web Content Management AUSTIN, Texas—February 25, 2015 — Websense, Inc. a global leader in protecting organizations from the latest cyber attacks and data theft...   Read more >
Ransomware - No Sign of Relief, Especially for Australians
Posted: Wednesday, February 25, 2015 7:50 AM by Carl Leonard
Websense® Security Labs™ researchers observed that ransomware was a plague in 2014 and this threat type shows no sign of relief in 2015. In this blog we profile the user experience for a Torrentlocker variant focusing on the Australian region...   Read more >
Pancake Day - Jamie Oliver site served recipes with a side of Malware
Posted: Wednesday, February 18, 2015 2:30 AM by Jose Barajas
Websense® Security Labs™ researchers are aware of malicious activity recently present on the Jamie Oliver official website. Jamie Oliver is a UK-based celebrity chef with over 10 million visits per month, and is browsed to by users globally...   Read more >
Angler Exploit Kit – Operating at the Cutting Edge
Posted: Thursday, February 5, 2015 9:00 AM by AToro
As we promised in one of our previous blog posts about exploit kits ( Nuclear EK ), we are going to take a more in-depth look at Angler Exploit Kit. Angler EK is possibly the most sophisticated exploit kit currently used by cyberciminals. It has pioneered...   Read more >
Filed under: ,
Another day, another zero-day – Internet Explorer's turn (CVE-2015-0072)
Posted: Thursday, February 5, 2015 2:00 AM by Jose Barajas
Websense® Security Labs™ researchers are aware of a zero-day vulnerability affecting Internet Explorer that could allow a remote, unauthenticated attacker to bypass the Same-Origin Policy (SOP) to hijack the user’s session. The vulnerability...   Read more >
New 'f0xy' malware is intelligent - employs cunning stealth & trickery
Posted: Friday, January 30, 2015 4:18 AM by ngriffin
Websense Security Labs have discovered a new and emerging malware downloader that employs evasion techniques and downloads a cryptocurrency miner. The new malware, which we have named 'f0xy', is able to dynamically change its command-and-control...   Read more >
CVE-2015-0235 - how to handle the "GHOST" vulnerability affecting Linux distributions
Posted: Wednesday, January 28, 2015 3:15 AM by Carl Leonard
Websense® Security Labs™ are aware that a vulnerability has been identified in the GNU C Library that can lead to remote code execution under certain circumstances. The GNU C Library ( glibc ) is a core component of GNU systems and those with...   Read more >
Flash forward – Angler, here we come
Posted: Tuesday, January 27, 2015 2:40 AM by Tamas Rudnai

As mentioned in the post, “Happy Nucl(y)ear - Evolution of an Exploit Kit”, we were planning to discuss the Angler exploit kit in detail in an upcoming post. However, the exploitation of a critical Adobe Flash 0-day vulnerability (CVE-2015-0311, patched) via the Angler exploit kit has fast-tracked our efforts and in this blog, we present the strategy adopted by the exploit kit to evade detection of the 0-day by security scanners. 0-days are valuable commodities and the longer they remain undiscovered, the more value they appropriate for the attacker(s).



Just as defense-in-depth is used as a strategy in the protection scenario, layered obfuscation is its equivalent in the evasion scenario. The attacker is interested in adopting a defense-in-depth approach to protect his / her investment and get the most ROI from exploits. A parallel in the physical world is a medieval castle which was protected by multiple wall system, so even when the external wall had taken down by catapults the so called inner castle was still standing strong.

...   Read more >
Presidential Proposals and Good Governance
Posted: Monday, January 26, 2015 3:50 PM by Charisse Castagnoli
Recently, the President proposed several pieces of legislation meant to increase cyber security and prevent cyber-crime. These new proposals aim to expand federal data protection requirements, currently only applied to healthcare organizations, financial...   Read more >
Flash 0-day being distributed by Angler Exploit Kit
Posted: Thursday, January 22, 2015 4:41 AM by ngriffin
Websense is aware of a new zero-day vulnerability in Adobe Flash Player, which has been seen exploited in-the-wild by the Angler Exploit Kit. The exploit, as reported by security researcher Kafeine , is known to affect the latest version of...   Read more >
More News & Views...