Websense social media center

2013 Threat Report: More than Scary Stats and Chilling Charts

Posted: Wednesday, February 13, 2013 12:30 AM by Bob Hansmann

The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help... Read more >

2013 Threat Report: Web Got “Dramatically Darker” – Pre-Order Now

Posted: Thursday, February 07, 2013 1:00 PM by Bob Hansmann

The 2013 Threat Report from Websense Security Labs is now available for pre-order. In it, you'll learn about alarming increases in threats, and how it's creating a real crisis of trust among security professionals and the users they support. Websense's... Read more >

1 comment(s)

Filed under: internet security, threats, Web Security, email security, Websense Security Labs, data loss prevention, threat report, mobile security

Practical IT: Key Takeaways from the New York Times Breach

Posted: Wednesday, February 06, 2013 1:00 PM by Lamont Orange

Last week, we all woke to the New York Times announcing they were victims of an ongoing attack by Chinese hackers, resulting in the accounts of several reporters being compromised. The article went on to describe details of the breach including four months... Read more >

1 comment(s)

Filed under: link analysis, data security, email security, data loss prevention, security threats, best practices, Phishing, malware, spear phishing, data breach, cybercrime, targeted attacks, hacking, data theft, spear-phishing, Office of the CSO

Users are the Weakest Link – What IT Needs to Do About It

Posted: Tuesday, February 05, 2013 5:20 PM by Brenda Santos

The recent breaches at the Massachusetts Institute of Technology (MIT) further reinforce the fact that users can be an information security program's weakest link. How did this breach occur? As described in media coverage surrounding the debacle,... Read more >

Filed under: threats, email security, Phishing, data breach, Office of the CSO

Three Traditional Anti-Phishing Technologies That Are Failing Your Customers; The Role of the Partner in Fighting Spear Phishing, Part Two

Posted: Tuesday, November 27, 2012 4:07 AM by Jason Woo

Spear-phishing attackers do plenty of recon about their targets to craft convincing email lures. But they've also refined their technological approach to do an end-around on the traditional anti-phishing technology that most channel partners have... Read more >

Filed under: Partners, Partner Best Practices, partner success, successful selling, multistage attack, email security, spear-phishing, data theft

Websense Security Labs Sees the Future - 2013 Security Predictions

Posted: Tuesday, November 13, 2012 8:05 AM by Chris Astacio

From mass Wordpress compromises to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012. The Websense Security Labs looked at recent security and attack trends to come up with hypotheses of... Read more >

Filed under: exploits, internet security, threats, data security, email security, exploit, Websense Security Labs, security threats, Security Predictions, malware, Predictions, data loss, threat report, data breach, targeted attacks, hacking, hacks, data theft

The Role of the Partner in Fighting Spear-Phishing, Part One: From Shotgun To Rifle Shot - Spear-Phishing's Evolution Hits The Mark

Posted: Tuesday, November 06, 2012 8:16 AM by Jason Woo

Anytime security executives speak up in unanimity, it pays for security channel partners to listen. Last month Websense CSO Jason Clark spoke with a representative sample of his peers - 20 CSOs from top U.S. companies - and a resounding 100 percent of... Read more >

Filed under: Partners, Partner Best Practices, distributors, partner success, email security, spear-phishing, spearphishing

VentureBeat: 3 tips to spot email scams before election day

Posted: Monday, November 05, 2012 10:22 AM by April Tellez

Watch out for scare tactics and threats. Successful phishing email subject lines are security related and suggest suspicious activity with your account to prompt you to click on a link. If you have a user account on a Presidential candidate's site... Read more >

Filed under: Email Security, Phishing

Have you heard about Operation Spear-Phish? Take the challenge.

Posted: Monday, October 29, 2012 10:38 AM by Jason Woo

Every week I hear cyber security teams say they’re worried about spear-phishing . They’re struggling to defend against them with their current technology. But to exacerbate matters, their users also struggle to understand how to spot a malicious... Read more >

Filed under: content security, email security, Phishing, spam, blended threat, data loss, email spam, spear phishing, cybercrime, 2012

Putting Postini Out To Pasture

Posted: Friday, October 26, 2012 4:40 PM by Kathryn Lodato

One of the most dreaded moments in many channel partners' business lives is when a long-time vendor retires a product or service that customers are still buying and renewing. These type of vendor announcements tend to push the 'If it ain't... Read more >

Filed under: Partner Best Practices, switching vendors, Google, Postini, email security

It’s Phishing Season in Canada: Don’t Take the Bait

Posted: Wednesday, October 24, 2012 3:00 PM by Fiaaz Walji

Last week, the Canadian federal government announced its plans to create a secure, stable and resilient digital infrastructure in Canada. To help improve incident response and stop cyber-threats, the Government of Canada is investing $155M in our cybersecurity... Read more >

Filed under: data security, email security, Phishing, blended threat, data loss, spear phishing, data theft, Canada, spear-phishing

What is Scaring Businesses the Most? Spear-phishing. New Websense Security Labs Research

Posted: Tuesday, October 09, 2012 4:58 AM by Patrik Runald

Spear-phishing is a huge concern for today’s government and enterprises. While high profile attacks like last week’s spear-phishing attack against the White House and last year’s attack against Oak Ridge National Laboratory underscore... Read more >

Filed under: exploits, threats, Web Security, data security, email security, Websense Security Labs, security threats, best practices, Security Bulletin, Phishing, spam, blended threat, advanced persistent threat, security research, email spam, spear phishing, targeted attacks, hacking, hacks, data theft, water hole, spear-phishing

EMEA Webcast: Seven Stages of Advanced Threats & Data Theft

Posted: Monday, September 10, 2012 7:59 AM by Spencer Parker

The seven stages hackers follow to steal data have been exposed! Traditional URL and AV defences are no longer effective in blocking targeted attacks. Cloud apps, mobility and remote users have all contributed to a growth in SSL traffic, which is a major... Read more >

Filed under: exploits, content security, data security, email security, exploit, data loss prevention, security threats, best practices, malware, blended threat, advanced persistent threat, data loss, cloud security, spear phishing, cybercrime, APT, targeted attacks, hacking, webinar, hacks, data theft, webcast

Magic Quadrant Finds Increase in Targeted Phishing Attacks

Posted: Tuesday, August 28, 2012 9:54 AM by Jason Woo

Leading analyst firm Gartner just released the 2012 Magic Quadrant for Secure Email Gateways (SEG) * and noted an uptick in targeted phishing attacks. The report states "Phishing attacks continue to oscillate, while more targeted phishing attacks... Read more >

Filed under: email security, DLP, Phishing, spam, email spam, spear phishing, cloud, Gartner Magic Quadrant, Gartner, 2012

Webinar Wednesday: 7 Stages of Advanced Threats & Data Theft

Posted: Monday, August 06, 2012 10:18 PM by Tom Clare

Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.

It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:

Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.

Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.

Redirects - Users are usually directed to a survey, rogue anti virus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated java script.

Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.

Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.

Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.

Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?

In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.

We look forward to having you join the webinar. Bring your questions and be ready to talk threats!

PC Magazine: Fake AT&T Bills Direct Users to Blackhole, Zeus

Posted: Friday, August 03, 2012 11:12 PM by April Tellez

"In itself, the amount of money could be big enough to raise suspicion in most of us," writes Websense. "Also, it is easy to see when the mouse cursor hovers over the link that the target Web address is different from the one displayed... Read more >

Filed under: Data Security, Email Security, Websense Security Labs, Phishing, websense, Blackhole Exploit Kit, cyber threats, cyberthreat, Cybersecurity, data theft, data breach, online scams, Websense media coverage, Exploit Kits, cybercrime, cybercriminal

ZDNet: Malware warning: Your AT&T bill is ready to be viewed

Posted: Friday, August 03, 2012 10:56 PM by April Tellez

"ThreatScope analysis, part of our CSI service, shows that the malware is part of the Cridex family," a Websense spokesperson said in a statement. "It drops files into the Application Data and Temp folders, and then injects code into other... Read more >

Filed under: Web Security, Email Security, Phishing, Malicious Content, websense, malicious attacks, Blackhole Exploit Kit, cyber threats, malware, malicious links, cyberthreat, Cybersecurity, data theft, data breach, Websense media coverage, Exploit Kits, cybercrime, cybercriminal

You’re Hooked; a Practical Webcast on Avoiding Phishing Attempts

Posted: Tuesday, June 19, 2012 3:01 PM by Jason Woo

Phishing. It’s been around for ages and continues to evolve. From the simple money wire scams and the attempts to steal AOL user passwords, to ultimately the threat that makes IT managers shake in their boots: “spear-phishing.” In recent... Read more >

Filed under: link analysis, email security, best practices, Phishing, blended threat, email spam, APT, webinar, redirect, data theft

LinkedIn Breach, Part II: What You Need to Prepare for Next

Posted: Thursday, June 07, 2012 8:29 PM by Jason Clark

Yesterday’s LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate any DLP consequences and tighten their network security. As the world’s largest professional social... Read more >

Filed under: threats, email security, data loss prevention, DLP, security threats, Social Media, Phishing, malware, blended threat, social media security, data loss, spear phishing, CSO on the Road, targeted attacks, hacking, hacks, data theft, mobile security, passwords, LinkedIn, Office of the CSO

QR Codes and the Damage (to be) Done?

Posted: Sunday, January 15, 2012 10:00 PM by Patrik Runald

When we were looking at putting out our Websense Security Labs predictions for 2012, we knew that mobile threats were going to be big this year. While we included one prediction on it, there was one piece that I had thought of, but didn’t include. It’s still a ways away, but Paul Henry has an excellent write up on “QR Codes – Leading Lambs To the Slaughter.”

He correctly points out that these “ultimate url-obfuscators” can be a serious threat down the line.

It’s a good reminder that any applications on workforce mobile devices need to be properly sandboxed from the operating system. We’ve already noted in Websense Security Labs research that there are challenges with certain platforms and there are a number of mobile malware variants, including Trojans on handhelds.

It’s interesting to think QR codes as threats continue to evolve in the mobile landscape. What’s funny is as I was writing this, our Security Labs researches discovered QR codes being used a new way – through a spam campaign.

What do you think about QR codes?

Social Media Center

Blogs

Websense Follow us>

RSS

Other LInks