Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Filtered by: Exploit

Broken Hearted? A Practical Look at the Heartbleed Vulnerability

Posted: 11 Apr 2014 03:15 PM | Carl Leonard


Following on from our previous Heartbleed post, there have been countless reports on the far-reaching scale of this critical security flaw along with numerous discussions as to what 'exactly' an attacker can gain from exploiting the vulnerability. Given the online and 'connected' nature...


"Heartbleed" Vulnerability in OpenSSL (CVE-2014-0160) Could Lead To Data Theft

Posted: 09 Apr 2014 05:56 PM | Carl Leonard


Websense® Security Labs™ has been tracking news of a vulnerability in the implementation of OpenSSL which has far-reaching implications for its users and those impacted by its use. The vulnerability, CVE-2014-0160, allows a remote attacker to read the memory of systems protected...


MSIE 0-day Exploit CVE-2014-0322 - Possibly Targeting French Aerospace Association

Posted: 13 Feb 2014 11:32 AM | AlexWatson


Executive Overview: Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks. The attack may be targeting organizations associated with the French aerospace association, GIFAS. The CVE-2014-0322 exploit...


Dotkachef Exploit Kit Comeback

Posted: 03 Feb 2014 09:30 AM | Sindyan


Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting new malvertising campaign that uses legitimate ad systems. The infection starts with a compromised advertisement URL hosted on a legitimate website and ultimately lures victims...


New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors


Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...


Cyber Criminals Exploiting the Boston Marathon Aftermath [UPDATED]

Posted: 17 Apr 2013 12:32 PM | Carl Leonard


Whilst the world recoils in shock at the atrocious events at Monday's Boston Marathon, cyber-criminals are actively seeking to exploit people's thirst for information and eagerness to help those affected by the attacks.

The Websense ThreatSeeker® Network is currently detecting and blocking multiple email-borne campaigns that attempt to lure unsuspecting recipients to malicious websites in order to exploit their machines for criminal gains.

Let's follow this campaign through the 7 Stages of Advanced Threats (as explained in our whitepaper) to see how cyber-criminals attempt to dupe and compromise users and their machines. We'll also show that breaking any one link in the chain can protect potential victims.

...


How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert


Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...


Israeli Website for “international institute for counter-Terrorism” Waterhole Attack Serving CVE-2012-4969

Posted: 12 Mar 2013 08:29 AM | Elad Sharf


Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and are injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC.

The malicious code found on the websites is identical and was identified as CVE-2012-4969 - an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild in September 2012. It was found by Eric Romang from Zataz.

From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).

...
