Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

Exploit tagged in these posts

IE Zero-Day Patch on the Way

Posted: 01 May 2014 07:01 PM | Charles Renert | no comments

A quick note on CVE-2014-1776 — Microsoft will have a patch out tonight. Especially noteworthy is the decision to patch Windows XP. Good call. Beyond the proactive security provided at all other stages of the threat lifecycle, we've added protection for known variants of the vulnerability and...


Filed under: , , ,

Broken Hearted? A Practical Look at the Heartbleed Vulnerability

Posted: 11 Apr 2014 03:15 PM | Carl Leonard | no comments

Following on from our previous Heartbleed post , there have been countless reports on the far-reaching scale of this critical security flaw along with numerous discussions as to what 'exactly' an attacker can gain from exploiting the vulnerability. Given the online and 'connected' nature...


Filed under: , , , ,

"Heartbleed" Vulnerability in OpenSSL (CVE-2014-0160) Could Lead To Data Theft

Posted: 09 Apr 2014 05:56 PM | Carl Leonard | no comments

Websense® Security Labs™ has been tracking news of a vulnerability in the implementation of OpenSSL which has far-reaching implications for it's users and those impacted by it's use. The vulnerability, CVE-2014-0160 , allows a remote attacker to read the memory of systems protected...


Filed under: , , , ,

MSIE 0-day Exploit CVE-2014-0322 - Possibly Targeting French Aerospace Association

Posted: 13 Feb 2014 11:32 AM | AlexWatson | 1 comment(s)

Executive Overview Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks The attack may be targeting organizations associated with the French aerospace association, GIFAS The CVE-2014-0322 exploit...


Filed under: , , , , , ,

Dotkachef Exploit Kit Comeback

Posted: 03 Feb 2014 09:30 AM | Sindyan | no comments

Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting new malvertizing campaign that uses legitimate ad systems. The infection starts with a compromised advertisement URL hosted on a legitimate website and ultimately lures victims...


Filed under: ,

New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors | no comments

Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...


Filed under: , , , , , , ,

Cyber Criminals Exploiting the Boston Marathon Aftermath [UPDATED]

Posted: 17 Apr 2013 12:32 PM | Carl Leonard | no comments

Whilst the world recoils in shock at the atrocious events at Monday's Boston Marathon, cyber-criminals are actively seeking to exploit people's thirst for information and eagerness to help those affected by the attacks.

The Websense ThreatSeeker® Network is currently detecting and blocking multiple email-borne campaigns that attempt to lure unsuspecting recipients to malicious websites in order to exploit their machines for criminal gains.

Let's follow this campaign through the 7 Stages of Advanced Threats (as explained in our whitepaper) to see how cyber-criminals attempt to dupe and compromise users and their machines. We'll also show that breaking any one link in the chain can protect potential victims.



Filed under: , , , ,

How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert | no comments

Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...


Filed under: , , , , , , , ,

Israeli Website for “international institute for counter-Terrorism” Waterhole Attack Serving CVE-2012-4969

Posted: 12 Mar 2013 08:29 AM | Elad Sharf | no comments


Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and are injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC


The malicious code found on the websites is identical and was identified as CVE-2012-4969 - an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild on September 2012. It was found by Eric Romang from Zataz.


From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).




Filed under: , , , ,