Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


CVE-2015-0235 - how to handle the "GHOST" vulnerability affecting Linux distributions

Posted: 28 Jan 2015 03:15 AM | Carl Leonard | no comments


Websense® Security Labs™ are aware that a vulnerability has been identified in the GNU C Library that can lead to remote code execution under certain circumstances. The GNU C Library (glibc) is a core component of GNU systems and those with the Linux kernel; thus it has potential for a very...


Flash forward – Angler, here we come

Posted: 27 Jan 2015 02:40 AM | Tamas Rudnai | no comments


As mentioned in the post "Happy Nucl(y)ear - Evolution of an Exploit Kit", we were planning to discuss the Angler exploit kit in detail in an upcoming post. However, the exploitation of a critical Adobe Flash 0-day vulnerability (CVE-2015-0311, patched) via the Angler exploit kit has fast-tracked our efforts, and in this blog we present the strategy adopted by the exploit kit to evade detection of the 0-day by security scanners. 0-days are valuable commodities, and the longer they remain undiscovered, the more value they yield for the attacker(s).

Just as defense-in-depth is used as a strategy in the protection scenario, layered obfuscation is its equivalent in the evasion scenario. The attacker is interested in adopting a defense-in-depth approach to protect his/her investment and get the most ROI from exploits. A parallel in the physical world is a medieval castle protected by a system of multiple walls, so that even when the outer wall had been taken down by catapults, the so-called inner castle was still standing strong.

...


Flash 0-day being distributed by Angler Exploit Kit

Posted: 22 Jan 2015 04:41 AM | ngriffin | no comments


Websense is aware of a new zero-day vulnerability in Adobe Flash Player, which has been seen exploited in the wild by the Angler Exploit Kit. The exploit, as reported by security researcher Kafeine, is known to affect the latest 16.0.0.287 version of Flash Player and has been seen dropping a trojan...


Sony Pictures Entertainment Hack – Truly motion picture worthy

Posted: 22 Dec 2014 07:45 AM | ngriffin | no comments


Blackmail, secretive master-plan, sabotage, drama, politics, thriller, hostage, the list goes on - this is not the plot-line of an immersive Hollywood motion picture, but rather the highlights of the recent hack on Sony Pictures Entertainment (SPE). Although it is one of the most serious breaches that...


Black Friday Themed Amazon Voucher Scam

Posted: 21 Nov 2014 03:15 AM | Xue Yang | no comments


The Websense® ThreatSeeker® Intelligence Cloud has detected Amazon voucher scams using Black Friday Gift Card themes as a lure. We have observed a surge of over 20,000 spam emails with the subject of "Amazon Black Friday Gift Card #XXXXXXXXX" since Thursday 20th November (where "X"...


SSLv3 "POODLE" Vulnerability CVE-2014-3566

Posted: 15 Oct 2014 03:40 AM | ngriffin | no comments


CVE-2014-3566 Overview

Websense® Security Labs are aware of a critical vulnerability that exists in SSLv3, dubbed as "POODLE" by the Google Security Team. The vulnerability has also been explained in a security advisory by OpenSSL and given the CVE number CVE-2014-3566. Readers, take...
