Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Be notified of Websense news, product information, industry events and more.
Websense Security Labs™ Websense ThreatSeeker® Intelligence Cloud has discovered that attacks utilizing the most recent Internet Explorer 0-day (CVE-2013-3893)
are more prevalent than previously thought. In this write up we shall
analyze the exploit code and perform analysis on the dropped malicious
Another new vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 8, and 9 and used in a wild by cybercriminals, also specific configurations of Internet Explorer 6, 7, 8, 9, 10 and 11 are also potentially vulnerable. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or via compromised legitimate websites.
“Patch Java and you’ll be protected against Java threats”
We seem to hear this constantly, not just in the last few months, but for years. Way back in Nov. 2011, we were told that if we had Java 6 Update 29 or Java 7 update 1, we wouldn’t be vulnerable to the security weaknesses in the headlines. Yet, with each update vulnerabilities continue to be discovered and exploited. We even had two Java 0-day exploits included in kits before Oracle had patches prepared. Yet despite the patches, we continue to hear about new vulnerabilities...
So what to do? Based on my discussions with other pros and my own experience I’ll be presenting a series on how to mitigate Java risks to protect your endpoints. We’ll look at: Proactive; Immediate; and Long-Term prophylactic measures. Here’s what you can start acting on now:
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.
It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:
Reconnaissance - Targeted
attackers access credentials and research online profiles, email IDs, org.
chart information, hobbies and interests from social profiles to gain insight
on their victims.
Lures - Designed to prey
on human curiosity, web lures often link to videos or breaking news, while
email lures are more business-focused on transaction and fake delivery notices.
Redirects - Users are
usually directed to a survey, rogue anti virus offer or a fake web page where
an exploit kit is waiting. Traditional redirects are injection attacks, while
newer ones focus on social networking wall postings, fake plug-ins, fake
certificates and heavily obfuscated java script.
Exploit Kits - The
exploit kit objective is like that of a sniper: take the shot with a malware
dropper file only when an open door for tested vulnerabilities is found.
Dropper Files - This stage
is what most people consider the focus of their forward-facing defenses:
analyze every file that comes into the network for malware. The problem is
dropper files use dynamic packers, so known signatures and patterns are not
Call-Home - This stage
involves calling home for malware downloads and tools, and for sending back
information, standard procedure for any successful online attack. The problem
is that most defenses are only forward-facing and do not analyze the outbound
traffic from infected systems.
Data Theft - This is
what they are after. The ability to contain an attack and stop data theft raises
many questions that we will address. Can your defenses detect password files
leaving your network or the use of custom encryption on outbound files?
In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.
We look forward to having you join the webinar. Bring your questions and be ready to talk threats!
With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? Last year’s Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals. Here are the highlights; the full report can be downloaded here.
Read more commentary and watch the video here.
The media is buzzing with stories of state-sponsored hacking and so-called advanced persistent threats, as well as high-profile data-theft attacks by cybercriminals. So what does this mean to everyday businesses owners and managers, companies that aren’t defense contractors or giant corporations?
It means watch out. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack quickly becomes a $25 exploit kit available online to armies of low-level hackers.
This is phase two of advanced threats. This army of profit-driven hackers is using the same advanced techniques to steal any data that they can get their hands on to sell, fence or ransom. No one is safe, because traditional defenses don’t work against advanced malware. And the cybercriminals are targeting every kind and size of business.
This is the part of the story that people need to hear: While the big-name breaches get the headlines, too many companies get lulled into a false sense of security thinking that they are safe because they don’t have state secrets. Our research shows how the advanced techniques used in APT attacks move downstream. From state-sponsored groups, to criminal gangs, and ultimately to individual hackers—they are hitting any business with anything of value. Because that’s where the money is. And it’s easy pickings because their antivirus software is defenseless against these advanced methods. Here’s how we see the malware adoption lifecycle playing out in the wild:
In the first two installments in this series, I talked about getting rid of the FUD around APTs and why they should matter to you, even if you aren’t a government agency, or one of the biggest companies on earth. Now let’s get down to the controversy that is consuming a lot of bandwidth in security circles: What is an APT and how is it any different from older malware attacks out there like botnets, blended attacks, and standard binary-based viruses? So much is written about the topic, yet many people don’t really understand it and are just rehashing an old topic under a new name.
The jaded folks in the security community say that all of the talk about APTs is FUD because true APTs are very few and far between. I beg to differ. I’d say that the APT buzz is not Fear, Uncertainty, and Doubt but rather Fear, Certainty, and Damage.
Let’s start with what makes a “true” APT (all examples are real)...
Who: This is nation-state activity to penetrate another nation or corporations computers or networks for the purposes of causing damage, disruption or exploitation with an endgame objective of disabling an opponent's military capability or stealing important source code to increase their own power. These guys are the special forces of the threat landscape; super skilled buzz-cut clean shaven expert hackers. You’d never know who they were however – because if I told you I’d have to kill you.
Why: Cyber Warfare has been described of as the fifth domain of warfare with the Pentagon formally recognizing cyberspace to be just as critical to military operations as land, sea, air and space. It is reported that at least 100 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities. Cyber Soldiers may operate as APT (advanced persistent threat) or corporate spies at times, but everything they learn is geared toward a specific nationalist objective.
What: Stuxnet is a great example of this attack method, a text book case of an APT. The Worm was discovered July 2010 and is the first specialized complex malware to only target industrial software. It was aimed at compromising the Iranian nuclear program and believed to be the work of a well funded group of 5-10 people over 6 months. Speculation: only a nation state has these capabilities.
Follow us on SpiceWorks
We want to hear from you!