Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
Contact us>
In the wake of recent account compromises, including Associated Press and the rampant breaches orchestrated by the "Syrian Electronic Army", Twitter have recently released 2FA (2 Factor Authentication), which is a most welcome addition to bolster users' security. It is not, however, the be-all and end-all: users are still responsible for choosing strong, hard-to-guess passwords. If your password is compromised, control of your account may be lost to malicious actors.
While it's true that, given enough time and resources, all passwords are crackable regardless of their complexity – a pass-string of 200 random characters is ultimately just as vulnerable to brute forcing as a password containing just one character – the aim of a complex pass-string is to make an attack chronologically infeasible. Let’s first take a look at the total number of possible combinations for a given base of elements:
A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer version 8. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or via compromised legitimate websites such as the recently compromised Department of Labor website which was subsequently used in a water-hole attack. Malicious payloads delivered from this compromise were confirmed by Microsoft to exploit the new vulnerability, designated CVE-2013-1347.
This blog describes briefly what WebShells are, and how attackers can use WebShells to gain powerful shell level/system level access to a server. WebShells have been used in attacks for quite a long time now, but with changes in attack trends, cyber criminals are getting more sophisticated with deployment techniques and methods to circumvent detection. With the help of our Websense® ThreatSeeker® Intelligence Cloud, we came across a few examples in which attackers have used different techniques. These are elaborated on further in this blog.
Many mass compromises are accomplished in an automated fashion: vulnerabilities are enumerated, and after one is found, exploits are automatically deployed. The takeover process usually involves downloading a remote administration tool for the compromised website. One common tool deployed by attackers once they compromise a website is a WebShell.
Whilst the world recoils in shock at the atrocious events at Monday's Boston Marathon, cyber-criminals are actively seeking to exploit people's thirst for information and eagerness to help those affected by the attacks.The Websense ThreatSeeker® Network is currently detecting and blocking multiple email-borne campaigns that attempt to lure unsuspecting recipients to malicious websites in order to exploit their machines for criminal gains.
Let's follow this campaign through the 7 Stages of Advanced Threats (as explained in our whitepaper) to see how cyber-criminals attempt to dupe and compromise users and their machines. We'll also show that breaking any one link in the chain can protect potential victims.
Websense® Security Labs™ got an alert from Websense ThreatSeeker® Network just one hour ago. The ThreatSeeker Network has detected that a DNS poisoning attack is happening in Kenya, with local big name websites in information technology targeted including Google, Bing, and LinkedIn. Although it is just a defaced page, it could easily be replaced with a malicious page by the attackers.
Follow us on SpiceWorks
BlogRoll
We want to hear from you!
