Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


Dridex Down Under

Posted: 05 Nov 2015 11:00 PM | Ran Mosessco | no comments

Raytheon | Websense® Security Labs™ has been tracking malicious email campaigns associated with the Dridex banking Trojan since 2014. An interesting development this past week was a regional move to target Australia. Dridex botnet 220 related emails were being sent to potential victims in the land down under. This is a change from recent months, when Dridex botnet 220 campaigns have displayed a heavy bias towards U.K.-based potential victims.




Newest Flash Player Exploit & Double Nuclear Exploit Kit Payload

Posted: 05 Nov 2015 09:43 PM | ngriffin | no comments

Yesterday, we blogged about a malvertising campaign affecting a popular Indonesian news site and leading to the Nuclear Exploit Kit. Today we came across another compromised website that leads to the Nuclear Exploit Kit, but this time we received two malware payloads after the newest Adobe Flash Player...



Popular Indonesian Tech News Site Serves Up a Side of Malware

Posted: 04 Nov 2015 06:39 AM | ngriffin | no comments

Raytheon | Websense® Security Labs™ researchers have identified a recent malvertising campaign affecting a popular Indonesian technology news site, Tabloid Pulsa. Users browsing to this site are being redirected to an exploit kit and served up malware, due to a compromised advertising script...


The iPhone 6S £1 Facebook UK Scam

Posted: 15 Oct 2015 07:05 AM | ngriffin | 1 comment(s)

Apple products are no strangers when it comes to the world of online scams, so it was no surprise recently when Raytheon | Websense® Security Labs™ researchers discovered a new Facebook post being shared that was offering an iPhone 6S for only £1. Of course, getting a brand new iPhone...



Infrastructure Re-use: Shared Frameworks and Attack Vectors

Posted: 09 Oct 2015 12:00 PM | Jose Barajas | no comments


The threat landscape is constantly evolving, but in some ways there are fewer changes, or even attempts to camouflage, than you might expect: Bad actors often host and launch their malicious campaigns from the same locations, making pockets of the Internet akin to a really bad neighborhood with gangs sharing headquarters. 



Typo-squatting: Fast Turnaround for Fast Money

Posted: 11 Sep 2015 02:00 PM | Jose Barajas | no comments

In the spring, Websense® Security Labs identified a rising trend in bold, well-researched, targeted fraud attacks using typosquatting and false headers as their primary gambit. Since then, these fraudulent attacks have continued, logging immense gains in both volume and success: the FBI’s Internet...
