Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(May 2012) Posts

The Amnesty International UK website was compromised to serve Gh0st RAT [Update]

Posted: 11 May 2012 01:29 AM | Gianluca Giuliani | no comments


Between May 8 and 9, 2012, the Websense® ThreatSeeker® Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.

...

Read more > 

Filed under: , , , ,

Canada’s Cybercrime Report Card: Better or Worse in 2012?

Posted: 10 May 2012 09:39 PM | Patrik Runald | no comments


Last May 2011 , we conducted an analysis of Canada’s cyber security risk profile, which led to the discovery of a disturbing trend. Canada had become the newest breeding ground of cybercriminal activity. In the hopes that things would get better, we conducted an exact comparison of the same cybersecurity...

Read more > 

Pinning Down Pinterest

Posted: 04 May 2012 08:08 PM | RM | 1 comment(s)


There has been a lot of talk lately about Pinterest, the "virtual pinboard" that allows you to "organize and share all the beautiful things you find on the web." Pinterest uses online social networking to extend the ways you can share your images. Its mission statement reads: "Our...

Read more > 

Filed under: , ,

The Institute for National Security Studies (Israel) falls prey to Poison Ivy infection

Posted: 02 May 2012 01:06 AM | Gianluca Giuliani | no comments


The Websense® ThreatSeeker® Network has detected that the Institute for National Security Studies (INSS) website in Israel was injected with malicious code. INSS is described in its website as an independent academic institute that studies key issues relating to Israel's national security and Middle East affairs.

 

While we can't determine that the infection of this website with exploit code is part of a targeted attack, one could deduce that visitors to this type of site are likely to have an interest in national security or are occupied in this field. The website appears to be injected with malicious code for over a week now. (Websense' ACE provided protection against the type of injected malicious code since early 2009)

 

One of the interesting facts about this infection is that it uses the same Java exploit vector (CVE-2012-0507) that managed to infect around 600,000 Mac users in a massive scatter attack dubbed Flashback a few weeks ago.

 

...

Read more > 

Filed under: , , ,