Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

Exploit tagged in these posts

Flash 0-day being distributed by Angler Exploit Kit

Posted: 22 Jan 2015 04:41 AM | ngriffin | no comments

Websense is aware of a new zero-day vulnerability in Adobe Flash Player, which has been seen exploited in-the-wild by the Angler Exploit Kit. The exploit, as reported by security researcher Kafeine , is known to affect the latest version of Flash Player and has been seen dropping a trojan...


Filed under: , , , , , , ,

IE Zero-Day Patch on the Way

Posted: 01 May 2014 07:01 PM | Charles Renert | no comments

A quick note on CVE-2014-1776 — Microsoft will have a patch out tonight. Especially noteworthy is the decision to patch Windows XP. Good call. Beyond the proactive security provided at all other stages of the threat lifecycle, we've added protection for known variants of the vulnerability and...


Filed under: , , ,

Broken Hearted? A Practical Look at the Heartbleed Vulnerability

Posted: 11 Apr 2014 03:15 PM | Carl Leonard | no comments

Following on from our previous Heartbleed post , there have been countless reports on the far-reaching scale of this critical security flaw along with numerous discussions as to what 'exactly' an attacker can gain from exploiting the vulnerability. Given the online and 'connected' nature...


Filed under: , , , ,

"Heartbleed" Vulnerability in OpenSSL (CVE-2014-0160) Could Lead To Data Theft

Posted: 09 Apr 2014 05:56 PM | Carl Leonard | no comments

Websense® Security Labs™ has been tracking news of a vulnerability in the implementation of OpenSSL which has far-reaching implications for it's users and those impacted by it's use. The vulnerability, CVE-2014-0160 , allows a remote attacker to read the memory of systems protected...


Filed under: , , , ,

MSIE 0-day Exploit CVE-2014-0322 - Possibly Targeting French Aerospace Association

Posted: 13 Feb 2014 11:32 AM | AlexWatson | 1 comment(s)

Executive Overview Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks The attack may be targeting organizations associated with the French aerospace association, GIFAS The CVE-2014-0322 exploit...


Filed under: , , , , , ,

Dotkachef Exploit Kit Comeback

Posted: 03 Feb 2014 09:30 AM | Sindyan | no comments

Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting new malvertizing campaign that uses legitimate ad systems. The infection starts with a compromised advertisement URL hosted on a legitimate website and ultimately lures victims...


Filed under: ,

New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors | no comments

Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...


Filed under: , , , , , , ,

Cyber Criminals Exploiting the Boston Marathon Aftermath [UPDATED]

Posted: 17 Apr 2013 12:32 PM | Carl Leonard | no comments

Whilst the world recoils in shock at the atrocious events at Monday's Boston Marathon, cyber-criminals are actively seeking to exploit people's thirst for information and eagerness to help those affected by the attacks.

The Websense ThreatSeeker® Network is currently detecting and blocking multiple email-borne campaigns that attempt to lure unsuspecting recipients to malicious websites in order to exploit their machines for criminal gains.

Let's follow this campaign through the 7 Stages of Advanced Threats (as explained in our whitepaper) to see how cyber-criminals attempt to dupe and compromise users and their machines. We'll also show that breaking any one link in the chain can protect potential victims.



Filed under: , , , ,