Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

View all posts > 

Filtered by : Java

Cyber Criminals Ramp Up Use of Exploit Kits in Fake Skype, Evernote Themed Attacks

Posted: 19 Feb 2014 03:45 | Ran Mosessco


Data from Websense® ThreatSeeker® Intelligence Cloud indicates that o ver the last few weeks, cyber criminals leveraging the "Angler" and "Goon" Exploit Kits to deliver malware via email borne attacks, have ramped-up their efforts. These recent campaigns were themed around...

Read more > 

Filed under: , , , , , ,

no comments

New Java and Flash Research Shows a Dangerous Update Gap

Posted: 05 Sep 2013 05:51 PM | Matthew Mors


Today we're continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited. Our previous research indicated that the current state of Java affairs isn't pretty. At that time, ninety-three percent of enterprises...

Read more > 

Filed under: , , , , , , ,

no comments

Majority of Users Still Vulnerable to Java Exploits

Posted: 03 Jun 2013 09:00 PM | Carl Leonard


Throughout the last 6 weeks, Websense® Security Labs™ has been collecting telemetry from our Websense ThreatSeeker® Intelligence Cloud to provide insight into usage of the most recent version of Java. Following our March 2013 study that looked at what versions of Java are being used, we saw that almost 93% of users are still not patched to the most recent version of Java. This leaves the majority of users still vulnerable to the dangers of exploit code already in use in the wild

...

Read more > 

Filed under: , , ,

no comments

How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert


Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...

Read more > 

Filed under: , , , , , , , ,

no comments

Forex Website Targeted: Did Cybercrooks Find the Weakest Link in Online Money Management Services?

Posted: 28 Nov 2012 02:29 | Gianluca Giuliani


 

The Websense® ThreatSeeker® Network has detected that a FOREX trading website was injected with a malicious Java applet, which could install malware on the affected systems of the site's users. FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world.

 

The targeted website is a popular FOREX website called "Trading Forex," located at hxxp://tradingforex.com. One of the questions that is raised when encountering such a compromise is whether some cybercriminal shift their focus from mainstream online money management systems of banks and stock exchanges to "easier wins" with online systems and services that are likely to be less mature from a security perspective. Another interesting fact is that the dropped backdoor at Trading Forex is written in Visual Basic.Net and requires the Microsoft's .NET framework to be successfully installed and operational on the victim's computer.

 

Websense customers are protected from these and other threats by  ACE, our Advanced Classification Engine.

 

 

 

...

Read more > 

Filed under: , ,

no comments

Fake ‘Amazon order’ email exploits recent Java vulnerability CVE 2012-4681

Posted: 02 Sep 2012 09:44 PM | Xue Yang


Following our recent blog posts regarding the propagation of Java vulnerability CVE-2012-4681 (New Java 0-day used in small number of attacks) and its subsequent inclusion in the infamous Blackhole Exploit Kit (New Java 0-day added to Blackhole Exploit Kit),  the Websense® ThreatSeeker® Network has detected a new malicious email campaign purporting to be an order verification email from Amazon directing victims to a page containing the recent Java exploit.

...

Read more > 

Filed under: , , ,

1 comment(s)

Nepalese government websites compromised to serve Zegost RAT

Posted: 08 Aug 2012 10:36 | Gianluca Giuliani


 

The Websense® ThreatSeeker® Network has detected that two Nepalese government websites, the National Information Technology Center (NITC) and the Office of the Prime Minister and Council Minister (nitc.gov.np and opmcm.gov.np respectively), have been compromised and injected with malicious code that tries to exploit the Java vulnerability CVE-2012-0507. The aim of this injection is to install, through successfully exploiting that Java weakness, a backdoor that is also dubbed "Zegost" on the systems of visitors to these websites.

 

This vulnerability (CVE-2012-0507) was also used in the Amnesty International UK website compromise and in the INSS website compromise that we reported a few months back. It's interesting to note that all those compromises had injected code that was taken from the Metasploit framework, served in clear form, and not obfuscated. Although the use of code from the Metasploit framework doesn't necessarily indicate a link between all the compromises, we found further common characteristics between the compromises of the Amnesty UK website and the Nepalese government website by analyzing the backdoor C&C points when we noticed that they connected to the same domain in China. 

 

...

Read more > 

Filed under: , , , , ,

no comments

Dissecting Cleartrip.com website compromise: Malicious ad tactics uncovered

Posted: 29 Jun 2012 12:01 PM | Elad Sharf


The Websense ® ThreatSeeker ® Network discovered on June 27, 2012, that one of the most popular travel websites in India, cleartrip.com, was compromised and served malicious code. The website was informed of this breach and no longer serves malicious code. In this blog, we'd like to share...

Read more > 

Filed under: , , , , ,

10 comment(s)

The Amnesty International UK website was compromised to serve Gh0st RAT [Update]

Posted: 11 May 2012 01:29 | Gianluca Giuliani


Between May 8 and 9, 2012, the Websense® ThreatSeeker® Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.

...

Read more > 

Filed under: , , , ,

no comments