Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(April 2011) Posts

SOURCE Boston 2011 Conference RECAP

Posted: 27 Apr 2011 05:46 PM | Anonymous | no comments

I returned this past weekend from SOURCE Boston , where I presented the new features and architecture of Fireshark v2. I have had the opportunity to speak at many conferences before, but this was my first time doing so in my university town of Boston ( Northeastern ), and my first time speaking at SOURCE...


Malicious E-Cards on the prowl

Posted: 26 Apr 2011 09:14 PM | Anonymous | no comments

Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works. Websense Security Labs™ and the Websense ThreatSeeker® Network recently came across an e-card themed email...


Google Image Poisoning Leads to Exploit

Posted: 21 Apr 2011 09:12 AM | Xue Yang | 1 comment(s)

Google search results have traditionally been the target of black hat SEO campaigns. Websense® Security Labs™ has identified a new trend in which cyber criminals take advantage of Google Image search rankings to spread malware. Websense Security Labs Threatseeker® network has detected that...


Boxes of Money !

Posted: 15 Apr 2011 02:27 AM | John Smith | no comments

Phishing and 419 scams have been around for a while now. However, sometimes they never cease to amaze when it comes to their tactics. We caught this most recent one in one of our Honeypots and thought we would share due to the “over-the-top” images sent.


Also note the horrific markup of the passport. 




Email sent from: usermail.uni-ak.ac.at ([]

Email Subject: urgent response

Email body:

Apologies for having to reach out to you like this, my name is Gideon Kerkula am from Liberia, I and my mother just arrived with 2 inherited trunk boxes which our late father kept in our under ground flat



This Month in the Threat Webscape - March 2011

Posted: 13 Apr 2011 02:12 PM | Anonymous | 1 comment(s)

Major hits

March 17 of this year will be remembered very well for a long time - in fact, we should celebrate it as the BreachID Day from now on. RSA’s Executive Chairman Art Coviello wrote an open letter explaining a short background about the breach, which happened in their “kitchen” as an “extremely sophisticated cyber attack” that put their SecurID product at risk. Even though the breach probably did not disclose any very sensitive data, it pointed out just how fragile the security is.

Popular streaming service Spotify got compromised via third-party ads that served malicious content to all free users. Seems like free does come at a price after all.

Comodo, a cerificate vendor, informed us that nine bogus SSL certificates had been issued for several top Alexa domains. The certificates were revoked immediately. Well, once Comodo found out what had been going on. However, it happened again for two more and again and - in fact, who knows what else?

Are you using TripAdvisor when planning your holidays? You really should expect more spam in the future. The company announced a breach losing all members data. Fortunately, no credit card details - for this time at least.



One more Adobe 0-day vulnerability using Office files

Posted: 11 Apr 2011 04:44 PM | Patrik Runald | no comments

Today Adobe announced a new 0-day vulnerability (CVE-2011-0611) in Adobe Flash Player and Adobe Acrobat that, similar to the previous 0-day from less than a month ago, was found embedded in a Microsoft Office file. The vulnerability allows an attacker to execute malicious code on a computer and has been...

Read more >