Websense Media Coverage

CSO Magazine: Locked and loaded, online gamers draw phishing attackers

April Tellez — Fri, 26 Apr 2013 20:33:00 GMT

In-game items held in those accounts can also be sold by phishers for real-world cash, it continued.Ã'Â Depending upon how much information is revealed, the victims can even have their real-life identities stolen.

"Online games are very popular -- lots of people are attracted to them -- and phishers like to go where the people go," Carl Leonard, senior manager of Websense Security Labs, said in an interview.

Within online games are value systems used to make in-game purchases that can be turned into money by cybercriminals, explained APWG chairman and founder Dave Jevans.

"Virtual currencies are on the rise and gaming credits are worth money," he told CSO. "Anything that's worth money is going to get attacked."

Gamers are a rich source of another prize for phishers: personal identifying information. "Any personal identifying information is extremely valuable in the underground markets," Websense's Leonard said.

http://www.cso.com.au/article/460252/locked_loaded_online_gamers_draw_phishing_attackers/

CSO Magazine: Websense fights cyber crime post Boston Marathon blasts

April Tellez — Tue, 23 Apr 2013 20:31:00 GMT

The Websense ThreatSeeker Network is blocking email-borne campaigns to avoid unsuspecting recipients going to malicious websites post events at Boston Marathon.

Cyber criminals are busy while the world is still stunned at the explosions at Boston Marathon. These criminals are trying to fool those who search the Web for more information and want to help the victims of these blasts.

In its recent blog Websense notes that its Websense ThreatSeeker Network is designed to both detect and block the multiple email-borne campaigns and points out that breaking any one link in the chain can protect potential victims.

This dangerous campaign lures people through authentic looking news stories and then they are encouraged to click on a malicious link, which then takes them to an exploit page.

"We continue to see cyber criminals use tragic events to exploit people's thirst for information and their eagerness to help those affected," said Carl Leonard, senior manager, Websense Security Labs. "It's important for businesses to recognise that without the right level of protection, their employees could be accessing emails or websites that could ultimately give the bad guys access to their corporate network."

http://www.csoonline.com/article/732282/websense-fights-cyber-crime-post-boston-marathon-blasts

SC Magazine: New Java exploit on the loose following recent security update

April Tellez — Tue, 23 Apr 2013 20:29:00 GMT

Oracle's security update last week included 42 fixes for bugs in Java and an improved notification system to help users determine the trustworthiness of Java programs before executing them.

On Tuesday, SCMagazine.com reached out to Oracle, Java's maker, but did not immediately hear back.

Exploits that take advantage of outdated Java installations remain a prevalent threat for enterprises. Last month, Websense data found that only 5.5 percent of browsers with Java enabled are running the most current version of the software.

Mark Reinhold, chief architect of the Java platform group, last week announced that Java 8 would be pushed back until the first quarter of 2014, even though the platform was scheduled to become available in early September, due to security concerns.

http://www.scmagazine.com/new-java-exploit-on-the-loose-following-recent-security-update/article/290196/

CIOL: Websense sounds caution on new spam campaign

April Tellez — Fri, 12 Apr 2013 20:27:00 GMT

Websense Security Labs has cautioned Interent users of malicious email spam to cash in on the death of former British Prime Minister Margaret Thatcher.

Websense ThreatSeeker Network have detected that attackers are sending malicious email spam with a topic referencing the death of Mrs. Thatcher.

According to the security labs blog post "Actually, it is not new for an attacker to use a hot topic (like the death of Hugo Chavez) to spread malware. In this case, the lure email is very simple, with just a few words related to Mrs. Thatcher, but it pretends to be from your friends by using the "Re: Fwd:" notation. Internet-savvy customers will know that it looks suspicious and should not be tempted to click the link in the email.

http://www.ciol.com/ciol/news/186836/websense-sounds-caution-spam-campaign

GCN: Is the next big cyber threat lurking in government systems?

April Tellez — Tue, 09 Apr 2013 20:20:00 GMT

Defining "legacy software" can be difficult. Some would argue that any software in use can be called legacy, because if you're using it, it's already old. Most would agree that any software still in use that is not supported by its developer or vendor could be classed as legacy. There is a huge installed base of this. A recent analysis by the Web Security company Websense, for example, found that three quarters of government computers are running unsupported versions of Java.

Getting rid of legacy software is even harder than defining it. Wholesale programs can be expensive and often end in failure. The Air Force in 2004 began a program to replace 240 outdated systems in its Expeditionary Combat Support System with an Enterprise Resources Planning system. A contact was awarded to Computer Sciences Corp. in 2006 and terminated six years and $1 billion later. "The effort got stopped," Lord said.

The problems included "budget doldrums," which complicates almost any kind of project, and the difficulty of finding a good time for replacing operational systems. This can be particularly difficult with combat support systems when the combat never stops, Lord said. "In my experience in the Air Force, there was no end to the battle."

http://gcn.com/blogs/cybereye/2013/04/is-next-big-cyber-threat-lurking-in-government-systems.aspx

CRN: 5 Factors Fueling Wave Of Java Attacks

April Tellez — Tue, 02 Apr 2013 20:25:00 GMT

Attackers are increasingly targeting Web applications, and the latest analysis conducted by San Diego-based Websense Inc. found Java to be a particular target. The security firm added Java version detection to its classification engine and applied the data to its ThreatSeeker network to find out which versions of Java are being actively used on tens of millions of endpoints. The firm found a vast majority of outdated Java plugins, including some that were more than two-years old.

Here's a look at some of the contributing factors behind the onslaught of Java attacks.

Websense said most browsers are still vulnerable to Java-based attacks because they haven't been updated with the latest patches. The firm said only 5.5 percent of Java-enabled browsers are running the latest Java plugins. Many of the Java components used in the browsers were more than six months old and vulnerable to more widespread attacks, Websense said.

http://www.crn.com/slide-shows/security/240151887/5-factors-fueling-wave-of-java-attacks.htm

SC Magazine: Web-based malware threats primary challenge for industry pros, survey says

April Tellez — Fri, 29 Mar 2013 20:17:00 GMT

Of the companies participating in the research, eight out of 10 have experienced "web-borne" attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

http://www.scmagazine.com/web-based-malware-threats-primary-challenge-for-industry-pros-survey-says/article/286738/

Infosecurity Magazine: Java vulnerabilities are almost ubiquitous

April Tellez — Thu, 28 Mar 2013 20:16:00 GMT

The reasons for this? A lack of basic security maintenance. Websense Security Labs, which conducted the study, found that close to 75% of end-users are using a Java Runtime Environment release that is more than six months out of date. Almost two-thirds of users are a year behind, and more than 50% are two years behind. A third are three years behind.

Almost a quarter of all Java end points are using a version of Java that is more than four years old.

Many of these exploits have been commoditized through the latest exploit kits, including Cool, Blackhole and Gong Da. Right now, there are six vulnerabilities being actively exploited, Websense found.

"It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%," the company said. "That's what the bad guys do - examine your security controls and find the easiest way to bypass them."

http://www.infosecurity-magazine.com/view/31508/java-vulnerabilities-are-almost-ubiquitous

SC Magazine: Research reveals 94 percent of endpoints currently running outdated versions of Java

April Tellez — Wed, 27 Mar 2013 20:14:00 GMT

Rather than focusing on new vulnerabilities, cyber criminals can be just as successful at launching attacks aimed at older Java bugs thanks to outdated browsers, according to new research.

After adding Java version detection to its Advanced Classification Engine (ACE), experts at Websense Security Labs analyzed the Java vulnerability landscape (below). In doing so, they were able to see which versions of Java were actively being used across millions of endpoints.

Results indicated that more than 75 percent of the endpoints analyzed were using outdated browsers with respect to Java vulnerabilities that are at least six months old, two-thirds used versions at least one year old, and more than half of the endpoints used browsers that are more than two years behind on Java updates.

Of the endpoints analyzed, 94 percent are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

http://www.scmagazine.com/research-reveals-94-percent-of-endpoints-currently-running-outdated-versions-of-java/article/286332/

PC Magazine: Java Attacks Succeed Because Users Don't Update Software

April Tellez — Wed, 27 Mar 2013 20:13:00 GMT

Forget zero-days. Java attacks succeed because users are running out-of-date versions of the Java plug-in in their browser.

Nearly 75 percent of end users are running a version of Java in their browser that's at least six months out of date, Charles Renert, vice president of research and development for Websense, wrote on the Websense Security Labs blog Monday. Only five percent of endpoints were running the latest version of Java Runtime Environment, 1.7.17, Websense found.

The numbers get even more distressing when looking at older versions of the Java plug-in for the browser. Two-thirds of the users had Java that was at least a year-out-of-date, and 50 percent were running a version more than two years old. Nearly 25 percent of the users actually had a version that was more than four years old. The chart above has the details-click to see a larger image (an even larger image is on the blog post).

"As you can see, Java versions are all over the map," Renert noted.

The data for this analysis came from the tens of millions of endpoints in Websense's ThreatSeeker network.

http://securitywatch.pcmag.com/software-patches/309699-java-attacks-succeed-because-users-don-t-update-software