Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


0-day tagged in these posts

Cyber criminals expand use of CVE-2014-0322 before Patch Tuesday

Posted: 10 Mar 2014 01:54 PM | Elad Sharf | no comments

In advance of the patch for the Internet Explorer zero-day CVE-2014-0322, which will be released on Patch Tuesday, March 11, we thought it would be helpful to look at how this exploit was utilized in the lure stage, since this may unveil some of the tactics used by crimeware and targeted attack...



Up to 37% of Enterprise Computers Vulnerable to Microsoft Office Zero-day CVE-2013-3906

Posted: 07 Nov 2013 12:45 AM | Ran Mosessco | no comments

A new vulnerability related to the parsing of TIFF images was found in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft published Security Advisory 2896666 explaining the details. Microsoft Fix it 51004 is available to alleviate the problem until an update is available.




Zero-Day Attack for Internet Explorer (CVE-2013-3897) Goes High Profile

Posted: 09 Oct 2013 03:26 AM | Elad Sharf | no comments

Websense® Security Labs™ has seen a new zero-day exploit for Internet Explorer (CVE-2013-3897) used in highly targeted, low-volume attacks in Korea, Hong Kong, and the United States, as early as September 18th, 2013. The publication of the vulnerability details (CVE-2013-3897) were shared...



Cybercriminals Behind CVE-2013-3893 Launched Attacks Earlier Than Previously Reported; More Widespread

Posted: 26 Sep 2013 11:59 AM | AlexWatson | no comments

Websense Security Labs™ Websense ThreatSeeker® Intelligence Cloud has discovered that attacks utilizing the most recent Internet Explorer 0-day (CVE-2013-3893) are more prevalent than previously thought. In this write-up we shall analyze the exploit code and perform analysis on the dropped malicious file.


Executive Summary

  • Websense protected our customers using real-time analytics that have been in place for nearly three years.
  • We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address.
  • Our ThreatSeeker Intelligence Cloud reported a potential victim organization in Taiwan attempting to communicate with the associated malicious command & control server.
  • Our telemetry indicates that the attack described above is segmented from previous attacks to a high enough degree to indicate that possibly different teams are using the same tool sets.



Up To 70% of PCs Vulnerable to Zero-Day: CVE-2013-3893

Posted: 18 Sep 2013 06:35 AM | Artem Gololobov | no comments

Another new vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 8 and 9 and is being used in the wild by cybercriminals; specific configurations of Internet Explorer 6, 7, 8, 9, 10 and 11 are also potentially vulnerable. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or via compromised legitimate websites.




New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors | no comments

Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...



Internet Explorer Zero-day Vulnerability (CVE-2013-1347) [Updated]

Posted: 07 May 2013 03:26 PM | Carl Leonard | no comments

A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer version 8. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or via compromised legitimate websites such as the recently compromised Department of Labor website which was subsequently used in a water-hole attack. Malicious payloads delivered from this compromise were confirmed by Microsoft to exploit the new vulnerability, designated CVE-2013-1347.





How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert | no comments

Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...



2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 AM | Carl Leonard | no comments

The 2013 Threat Report from the Websense® Security Labs™ is now available.


The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.


Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.



