Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Filtered by: Exploit

"Heartbleed" Vulnerability in OpenSSL (CVE-2014-0160) Could Lead To Data Theft

Posted: 09 Apr 2014 05:56 PM | Carl Leonard


Websense® Security Labs™ has been tracking news of a vulnerability in the implementation of OpenSSL which has far-reaching implications for its users and those impacted by its use. The vulnerability, CVE-2014-0160, allows a remote attacker to read the memory of systems protected...


MSIE 0-day Exploit CVE-2014-0322 - Possibly Targeting French Aerospace Association

Posted: 13 Feb 2014 11:32 AM | AlexWatson


Executive Overview: Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks. The attack may be targeting organizations associated with the French aerospace association, GIFAS. The CVE-2014-0322 exploit...


Dotkachef Exploit Kit Comeback

Posted: 03 Feb 2014 09:30 AM | Sindyan


Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting new malvertising campaign that uses legitimate ad systems. The infection starts with a compromised advertisement URL hosted on a legitimate website and ultimately lures victims...


New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors


Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...


Cyber Criminals Exploiting the Boston Marathon Aftermath [UPDATED]

Posted: 17 Apr 2013 12:32 PM | Jason Hill


Whilst the world recoils in shock at the atrocious events at Monday's Boston Marathon, cyber-criminals are actively seeking to exploit people's thirst for information and eagerness to help those affected by the attacks.

The Websense ThreatSeeker® Network is currently detecting and blocking multiple email-borne campaigns that attempt to lure unsuspecting recipients to malicious websites in order to exploit their machines for criminal gains.

Let's follow this campaign through the 7 Stages of Advanced Threats (as explained in our whitepaper) to see how cyber-criminals attempt to dupe and compromise users and their machines. We'll also show that breaking any one link in the chain can protect potential victims.

...


How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert


Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...


Israeli Website for “international institute for counter-Terrorism” Waterhole Attack Serving CVE-2012-4969

Posted: 12 Mar 2013 08:29 AM | Elad Sharf

Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and are injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC.

The malicious code found on the websites is identical and was identified as CVE-2012-4969 - an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild in September 2012. It was found by Eric Romang from Zataz.

From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).

...


New Java Zero Day Used In Exploit Kits

Posted: 10 Jan 2013 10:47 AM | Chris Astacio


Websense Security Labs™ is following reports that a new Java zero day vulnerability (CVE-2013-0422) is being exploited in the wild by exploit kits. Early this morning, a researcher who goes by the handle Kafeine disclosed that he has started seeing exploits of a new Java vulnerability appearing...


Wagamama site compromised, but noodles are still good

Posted: 01 Oct 2012 09:09 AM | Artem Gololobov


The Websense ThreatSeeker Network has detected that the Web site hxxp://goeast(dot)wagamama(dot)com, which belongs to Wagamama (a Japanese and sushi restaurant chain), has been compromised and injected with malicious code, also known as a RunForestRun attack.

The RunForestRun attack exploits a vulnerability in Parallels Plesk to obtain user account credentials; the compromised accounts are then used to modify JavaScript files. As shown below, the modification consists of an obfuscated script. When this script is run, it deobfuscates to an iframe with pseudo-randomly generated URLs (in this case based on date and time). The resulting malicious URL leads the user to a well-known and widely used tool in the underground community: the Blackhole Exploit Kit.

Websense customers are protected from this threat with ACE, our Advanced Classification Engine.

...
