Social Media Center


2013 Threat Report: More than Scary Stats and Chilling Charts
Posted: Wednesday, February 13, 2013 12:30 AM by Bob Hansmann
The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help...   Read more >
Filed under: , , , , , , , , , , , , , ,
2013 Threat Report: Web Got “Dramatically Darker” – Pre-Order Now
Posted: Thursday, February 07, 2013 1:00 by Bob Hansmann
The 2013 Threat Report from Websense Security Labs is now available for pre-order. In it, you'll learn about alarming increases in threats, and how it's creating a real crisis of trust among security professionals and the users they support. Websense's...   Read more >
1 comment(s)
Filed under: , , , , , , ,
Practical IT: Key Takeaways from the New York Times Breach
Posted: Wednesday, February 06, 2013 1:00 by Lamont Orange
Last week, we all woke to the New York Times announcing they were victims of an ongoing attack by Chinese hackers, resulting in the accounts of several reporters being compromised. The article went on to describe details of the breach including four months...   Read more >
1 comment(s)
Filed under: , , , , , , , , , , , , , , ,
Users are the Weakest Link – What IT Needs to Do About It
Posted: Tuesday, February 05, 2013 5:20 by Brenda Santos
The recent breaches at the Massachusetts Institute of Technology (MIT) further reinforce the fact that users can be an information security program's weakest link. How did this breach occur? As described in media coverage surrounding the debacle,...   Read more >
Filed under: , , , ,
Three Traditional Anti-Phishing Technologies That Are Failing Your Customers; The Role of the Partner in Fighting Spear Phishing, Part Two
Posted: Tuesday, November 27, 2012 4:07 AM by Jason Woo
Spear-phishing attackers do plenty of recon about their targets to craft convincing email lures. But they've also refined their technological approach to do an end-around on the traditional anti-phishing technology that most channel partners have...   Read more >
Filed under: , , , , , , ,
Websense Security Labs Sees the Future - 2013 Security Predictions
Posted: Tuesday, November 13, 2012 8:05 AM by Chris Astacio
From mass Wordpress compromises to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012. The Websense Security Labs looked at recent security and attack trends to come up with hypotheses of...   Read more >
Filed under: , , , , , , , , , , , , , , , , ,
The Role of the Partner in Fighting Spear-Phishing, Part One: From Shotgun To Rifle Shot - Spear-Phishing's Evolution Hits The Mark
Posted: Tuesday, November 06, 2012 8:16 AM by Jason Woo
Anytime security executives speak up in unanimity, it pays for security channel partners to listen. Last month Websense CSO Jason Clark spoke with a representative sample of his peers - 20 CSOs from top U.S. companies - and a resounding 100 percent of...   Read more >
Filed under: , , , , , ,
VentureBeat: 3 tips to spot email scams before election day
Posted: Monday, November 05, 2012 10:22 AM by April Tellez
Watch out for scare tactics and threats. Successful phishing email subject lines are security related and suggest suspicious activity with your account to prompt you to click on a link. If you have a user account on a Presidential candidate's site...   Read more >
Filed under: ,
Have you heard about Operation Spear-Phish? Take the challenge.
Posted: Monday, October 29, 2012 10:38 AM by Jason Woo
Every week I hear cyber security teams say they’re worried about spear-phishing . They’re struggling to defend against them with their current technology. But to exacerbate matters, their users also struggle to understand how to spot a malicious...   Read more >
Filed under: , , , , , , , , ,
Putting Postini Out To Pasture
Posted: Friday, October 26, 2012 4:40 by Kathryn Lodato
One of the most dreaded moments in many channel partners' business lives is when a long-time vendor retires a product or service that customers are still buying and renewing. These type of vendor announcements tend to push the 'If it ain't...   Read more >
Filed under: , , , ,
It’s Phishing Season in Canada: Don’t Take the Bait
Posted: Wednesday, October 24, 2012 3:00 by Fiaaz Walji
Last week, the Canadian federal government announced its plans to create a secure, stable and resilient digital infrastructure in Canada. To help improve incident response and stop cyber-threats, the Government of Canada is investing $155M in our cybersecurity...   Read more >
Filed under: , , , , , , , ,
What is Scaring Businesses the Most? Spear-phishing. New Websense Security Labs Research
Posted: Tuesday, October 09, 2012 4:58 AM by Patrik Runald
Spear-phishing is a huge concern for today’s government and enterprises. While high profile attacks like last week’s spear-phishing attack against the White House and last year’s attack against Oak Ridge National Laboratory underscore...   Read more >
Filed under: , , , , , , , , , , , , , , , , , , , , ,
EMEA Webcast: Seven Stages of Advanced Threats & Data Theft
Posted: Monday, September 10, 2012 7:59 AM by Spencer Parker
The seven stages hackers follow to steal data have been exposed! Traditional URL and AV defences are no longer effective in blocking targeted attacks. Cloud apps, mobility and remote users have all contributed to a growth in SSL traffic, which is a major...   Read more >
Filed under: , , , , , , , , , , , , , , , , , , , , ,
Magic Quadrant Finds Increase in Targeted Phishing Attacks
Posted: Tuesday, August 28, 2012 9:54 AM by Jason Woo
Leading analyst firm Gartner just released the 2012 Magic Quadrant for Secure Email Gateways (SEG) * and noted an uptick in targeted phishing attacks. The report states "Phishing attacks continue to oscillate, while more targeted phishing attacks...   Read more >
Filed under: , , , , , , , , ,
Webinar Wednesday: 7 Stages of Advanced Threats & Data Theft
Posted: Monday, August 06, 2012 10:18 by Tom Clare

Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.

It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:

Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.

Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.


Redirects - Users are usually directed to a survey, rogue anti virus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated java script.


Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.


Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.


Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.


Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?

In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.

We look forward to having you join the webinar. Bring your questions and be ready to talk threats!

 

...   Read more >
Filed under: , , , , , , , , , , , , , , , , , , , , ,
PC Magazine: Fake AT&T Bills Direct Users to Blackhole, Zeus
Posted: Friday, August 03, 2012 11:12 by April Tellez
"In itself, the amount of money could be big enough to raise suspicion in most of us," writes Websense. "Also, it is easy to see when the mouse cursor hovers over the link that the target Web address is different from the one displayed...   Read more >
Filed under: , , , , , , , , , , , , , , ,
ZDNet: Malware warning: Your AT&T bill is ready to be viewed
Posted: Friday, August 03, 2012 10:56 by April Tellez
"ThreatScope analysis, part of our CSI service, shows that the malware is part of the Cridex family," a Websense spokesperson said in a statement. "It drops files into the Application Data and Temp folders, and then injects code into other...   Read more >
Filed under: , , , , , , , , , , , , , , , , ,
You’re Hooked; a Practical Webcast on Avoiding Phishing Attempts
Posted: Tuesday, June 19, 2012 3:01 by Jason Woo
Phishing. It’s been around for ages and continues to evolve. From the simple money wire scams and the attempts to steal AOL user passwords, to ultimately the threat that makes IT managers shake in their boots: “spear-phishing.” In recent...   Read more >
Filed under: , , , , , , , , ,
LinkedIn Breach, Part II: What You Need to Prepare for Next
Posted: Thursday, June 07, 2012 8:29 by Jason Clark
Yesterday’s LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate any DLP consequences and tighten their network security. As the world’s largest professional social...   Read more >
Filed under: , , , , , , , , , , , , , , , , , , , ,
QR Codes and the Damage (to be) Done?
Posted: Sunday, January 15, 2012 10:00 by Patrik Runald

When we were looking at putting out our Websense Security Labs predictions for 2012, we knew that mobile threats were going to be big this year. While we included one prediction on it, there was one piece that I had thought of, but didn’t include. It’s still a ways away, but Paul Henry has an excellent write up on “QR Codes – Leading Lambs To the Slaughter.”

He correctly points out that these “ultimate url-obfuscators” can be a serious threat down the line.

It’s a good reminder that any applications on workforce mobile devices need to be properly sandboxed from the operating system. We’ve already noted in Websense Security Labs research that there are challenges with certain platforms and there are a number of mobile malware variants, including Trojans on handhelds.

It’s interesting to think QR codes as threats continue to evolve in the mobile landscape. What’s funny is as I was writing this, our Security Labs researches discovered QR codes being used a new way – through a spam campaign

What do you think about QR codes?

 

 

...   Read more >
Filed under: , , , , , , , ,
More Posts Next page »
Websense   Follow us>