Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

SSLv3 "POODLE" Vulnerability CVE-2014-3566

Posted: 15 Oct 2014 03:40 AM | ngriffin | no comments


CVE-2014-3566 Overview Websense® Security Labs are aware of a critical vulnerability that exists in SSLv3, dubbed as "POODLE" by the Google Security Team . The vulnerability has also been explained in a security advisory by OpenSSL and given the CVE number CVE-2014-3566 . Readers, take...

Read more > 

Filed under: , ,

"BackOff" POS High Level Analysis: Exposing Additional Sensitive Targets and Additional Toolkits in The Cyber Criminal Arsenal

Posted: 06 Aug 2014 07:00 AM | Elad Sharf | no comments


Websense® Security Labs™ has received reports about the new "Point Of Sale" malware dubbed "BackOff" as published by The US Homeland Security office. We have decided to explore the activity through ThreatSeeker® Intelligence Cloud. Our research shows some interesting...

Read more > 

Filed under: , , ,

The Bitly API key and MSNBC unvalidated redirects

Posted: 21 Jul 2014 08:00 AM | Pietro Bempos | no comments


Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is msnbc.com, which belongs to the well-known cable and satellite channel MSNBC. We have discovered that cyber criminals appear to have gained...

Read more > 

Filed under: , ,