Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

Raytheon|Websense Security Labs Will Be At Black Hat USA 2015 and Def Con 23

Posted: 30 Jul 2015 06:00 AM | Carl Leonard | no comments


Black Hat USA 2015 starts in the next few days and our security researchers will be in attendance and participating. We are also attending Def Con 23 on 6-9 August 2015. Black Hat and Def Con are seen as the pinnacle of security conferences as security vendors, independent researchers, IT managers, and...

Read more > 

Filed under: , ,

Four Adobe Flash 0-days In Three Weeks - Patches Now Available

Posted: 14 Jul 2015 07:45 AM | Carl Leonard | no comments


Following on from the revelation of a 0-day in Adobe Flash in June 2015 ( CVE-2015-3113 , since patched) 3 further 0-days have been discovered in the last 3 weeks. The 3 have references CVE-2015-5119, CVE-2015-5122, and CVE-2015-5123. The knowledge of the 0-day Proof of Concept code arose from analysis...

Read more > 

Filed under: , , , , ,

Today’s Lesson: End Users in the Education Sector Are Twice as Likely to Visit Malicious Sites

Posted: 07 Jul 2015 10:45 AM | Sindyan Bakkal | no comments


The threat landscape today is both dynamic and diverse. On one end of the spectrum are mass infections and threats that, while not very sophisticated, cast a wide net. On the other hand, we have very advanced targeted threats that are crafted painstakingly with a single target in mind, and executed over...

Read more > 

Filed under: , , , , ,

Adobe Flash Player 0-day Abused In The Wild (CVE-2015-3113), Our Customers Protected

Posted: 24 Jun 2015 08:20 AM | Carl Leonard | no comments


Websense® Security Labs™ researchers are aware of a vulnerability within Adobe Flash Player, CVE-2015-3113. Exploitation of the vulnerability leads to a buffer overflow which can be abused by a malware author to execute arbitrary code on the compromised machine. Adobe have deemed this vulnerability...

Read more > 

Filed under: , , , ,

More SSL Mess - Logjam

Posted: 21 May 2015 03:18 AM | Tamas Rudnai | no comments


More SSL Mess - Logjam

Can we get through a quarter without a major high profile SSL vulnerability? OpenSSL regularly patches high severity issues, however only certain vulnerabilities catch the media’s fancy. Logjam adds to the list of recently discovered high profile SSL vulnerabilities, which include Heartbleed, Poodle and FREAK to name a few. With an estimated 8.4 percent of the Top 1 million domains affected at the time of publication of this blog, this vulnerability poses a significant risk to the internet ecosystem much the same way its predecessors have and still do.

...

Read more > 

Filed under: , , , , , ,