Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

CVE-2014-6271 - Remote 'Shellshock' Vulnerability in Bash

Posted: 25 Sep 2014 09:30 AM | ngriffin | no comments

CVE-2014-6271 Overview A vulnerability present in Bash up to version 4.3 has been found by Stephane Chazelas. Bash is a shell program found in a range of Unix-based operating systems such as Linux and Mac OS X - a very large population of affected systems. The vulnerability ( CVE-2014-6271 ) allows for...


"BackOff" POS High Level Analysis: Exposing Additional Sensitive Targets and Additional Toolkits in The Cyber Criminal Arsenal

Posted: 06 Aug 2014 07:00 AM | Elad Sharf | no comments

Websense® Security Labs™ has received reports about the new "Point Of Sale" malware dubbed "BackOff" as published by The US Homeland Security office. We have decided to explore the activity through ThreatSeeker® Intelligence Cloud. Our research shows some interesting...


Filed under: , , ,

The Bitly API key and MSNBC unvalidated redirects

Posted: 21 Jul 2014 08:00 AM | Pietro Bempos | no comments

Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is msnbc.com, which belongs to the well-known cable and satellite channel MSNBC. We have discovered that cyber criminals appear to have gained...


Filed under: , ,