Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Compromise tagged in these posts

Today’s Lesson: End Users in the Education Sector Are Twice as Likely to Visit Malicious Sites

Posted: 07 Jul 2015 10:45 AM | Sindyan Bakkal | no comments

The threat landscape today is both dynamic and diverse. On one end of the spectrum are mass infections and threats that, while not very sophisticated, cast a wide net. On the other end, we have very advanced targeted threats that are crafted painstakingly with a single target in mind, and executed over...



Cyber criminals expand use of CVE-2014-0322 before Patch Tuesday

Posted: 10 Mar 2014 01:54 PM | Elad Sharf | no comments

In advance of the patch for the Internet Explorer zero-day CVE-2014-0322, which will be released on Patch Tuesday, March 11, we thought it would be helpful to look at how this exploit was utilized in the lure stage, since this may unveil some of the tactics used by crimeware and targeted attack...



'GWload' - The 'Social Engineering' Based Mass Injection Making Its Rounds

Posted: 28 Oct 2013 07:30 PM | Elad Sharf | no comments

Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified that a new mass injection campaign is making its rounds, compromising and injecting content into tens of thousands of legitimate websites. This campaign is an evolution and expansion of an existing injection campaign...



Honeyclient Evasion Techniques, Bible.org Case

Posted: 25 Feb 2013 03:55 AM | Elad Sharf | 1 comment(s)

Hot on the heels of the NBC.com hack last week, Websense® Security Labs™ researchers were alerted by SANS to another high-profile website compromise on Friday: bible.org. It appears that the offending code has now been removed from the bible.org website. At first glance, this seemed to be...



NBC.com Compromised

Posted: 22 Feb 2013 01:05 AM | Patrik Runald | no comments

Earlier today the main website of NBC and some of their show websites (such as www.jaylenosgarage.com) were compromised and served malicious content to users. The malicious content was inserted as a one-line iframe tag in one of the JavaScript files that gets loaded every time a user visits the page: This...



2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 AM | Carl Leonard | no comments

The 2013 Threat Report from the Websense® Security Labs™ is now available.


The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.


Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.





Forex Website Targeted: Did Cybercrooks Find the Weakest Link in Online Money Management Services?

Posted: 28 Nov 2012 02:29 AM | Anonymous | no comments


The Websense® ThreatSeeker® Network has detected that a FOREX trading website was injected with a malicious Java applet, which could install malware on the affected systems of the site's users. FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world.


The targeted website is a popular FOREX website called "Trading Forex," located at hxxp://tradingforex.com. One of the questions raised by such a compromise is whether some cybercriminals are shifting their focus from the mainstream online money management systems of banks and stock exchanges to "easier wins" with online systems and services that are likely to be less mature from a security perspective. Another interesting fact is that the backdoor dropped at Trading Forex is written in Visual Basic .NET and requires Microsoft's .NET Framework to be successfully installed and operational on the victim's computer.


Websense customers are protected from these and other threats by ACE, our Advanced Classification Engine.





