Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(February 2013) Posts

Honeyclient Evasion Techniques, Bible.org Case

Posted: 25 Feb 2013 03:55 AM | Elad Sharf | 1 comment(s)


Hot on the heels of the NBC.com hack last week, Websense® Security Labs™ researchers were alerted by SANS to another high-profile website compromise on Friday: bible.org. It appears that the offending code has now been removed from the bible.org website. At first glance, this seemed to be...


NBC.com Compromised

Posted: 22 Feb 2013 01:05 AM | Patrik Runald | no comments


Earlier today the main website of NBC and some of their show websites (such as www.jaylenosgarage.com) were compromised and served malicious content to users. The malicious content was inserted as a one-line iframe tag on one of the JavaScripts that gets loaded every time a user visits the page: This...


APT1: A Prevention Perspective

Posted: 20 Feb 2013 07:01 PM | Charles Renert | no comments


There's been increased interest in targeted attacks and advanced persistent threats in the news lately, from the intrusions on large media outlets and hacks on social networking sites to a recent detailed report of the tactics behind the infiltration of a sophisticated attack family dubbed "APT1"...


2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 AM | Carl Leonard | no comments


The 2013 Threat Report from the Websense® Security Labs™ is now available.

The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.

Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

...


Battered Twitter, Phish but no Chips! [Updated]

Posted: 05 Feb 2013 04:47 PM | Jason Hill | no comments


Hot on the heels of Friday’s announcement by Twitter that they ‘detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data’ and subsequent confirmation that ‘attackers may have had access to limited user information’ for ‘approximately 250,000 users’, Websense® Security Labs™ are tracking a phishing campaign propagated via Twitter’s direct message functionality.

...


The CVE-2012-4792 and the Spear-Phishing Rotary Domains (Part 2)

Posted: 05 Feb 2013 10:00 AM | Gianluca Giuliani | no comments


In the previous part of our report, we analyzed the malicious content detected in the domain "rotary-eclubtw.com". We detected the exploitation code for the vulnerability CVE-2012-4792 and analyzed the Flash file which was used to contain the heap spray code and the shell code. In this part we are going to show some of the details that we extracted from the shell code and from behavioral analysis of the malware installed after a successful exploitation attempt. We have also added some details related to the domain name using the WHOIS records and internal data.

Why are waterhole attacks occurring? What is the attackers' objective, both here and in other cases? As we learned from this analysis, the malware is used to steal files from compromised computers, while also enabling monitoring of the user's emails and other activities. We also found suspicious ties to sites potentially targeting high technology suppliers, perhaps in Taiwan. Read on for details of the attack.

...


Super Bowl Sunday for iOS 6.1 Jailbreak [Updated]

Posted: 01 Feb 2013 05:31 AM | Elson Lai | no comments


February 3, 2013 not only marks the start of Super Bowl Sunday, it could also signify the arrival of a new untethered iOS jailbreak.

The newly formed hacking group, going by the name of evad3rs, is reportedly close to completing their latest iOS 6.1 jailbreak. More importantly, this jailbreak works on the A5 and A6 chip architectures in the latest flagship iOS devices.

Previous reports claimed that the group held back releasing the jailbreak in the knowledge that Apple was to release the long-awaited iOS 6.1 update, which surfaced on Monday. The group claims that publishing the exploit earlier would allow Apple to develop a patch to counteract their efforts. So, immediately after the iOS 6.1 release, some four and a half months after the original iOS 6 release, the group have said they are ready.

...
