Websense Selected as Reader Trust Finalist in Three Categories for SC Awards 2015
Posted: Wednesday, February 25, 2015 11:35 PM by Susan Helmick
TRITON® APX acknowledged for Data Leakage Prevention, Email Security, and Web Content Management AUSTIN, Texas—February 25, 2015 — Websense, Inc. a global leader in protecting organizations from the latest cyber attacks and data theft...   Read more >
Ransomware - No Sign of Relief, Especially for Australians
Posted: Wednesday, February 25, 2015 7:50 AM by Carl Leonard
Websense® Security Labs™ researchers observed that ransomware was a plague in 2014 and this threat type shows no sign of relief in 2015. In this blog we profile the user experience for a Torrentlocker variant focusing on the Australian region...   Read more >
Pancake Day - Jamie Oliver site served recipes with a side of Malware
Posted: Wednesday, February 18, 2015 2:30 AM by Jose Barajas
Websense® Security Labs™ researchers are aware of malicious activity recently present on the Jamie Oliver official website. Jamie Oliver is a UK-based celebrity chef with over 10 million visits per month, and is browsed to by users globally...   Read more >
Angler Exploit Kit – Operating at the Cutting Edge
Posted: Thursday, February 05, 2015 9:00 AM by AToro
As we promised in one of our previous blog posts about exploit kits ( Nuclear EK ), we are going to take a more in-depth look at Angler Exploit Kit. Angler EK is possibly the most sophisticated exploit kit currently used by cyberciminals. It has pioneered...   Read more >
Filed under: ,
Another day, another zero-day – Internet Explorer's turn (CVE-2015-0072)
Posted: Thursday, February 05, 2015 2:00 AM by Jose Barajas
Websense® Security Labs™ researchers are aware of a zero-day vulnerability affecting Internet Explorer that could allow a remote, unauthenticated attacker to bypass the Same-Origin Policy (SOP) to hijack the user’s session. The vulnerability...   Read more >
New 'f0xy' malware is intelligent - employs cunning stealth & trickery
Posted: Friday, January 30, 2015 4:18 AM by ngriffin
Websense Security Labs have discovered a new and emerging malware downloader that employs evasion techniques and downloads a cryptocurrency miner. The new malware, which we have named 'f0xy', is able to dynamically change its command-and-control...   Read more >
CVE-2015-0235 - how to handle the "GHOST" vulnerability affecting Linux distributions
Posted: Wednesday, January 28, 2015 3:15 AM by Carl Leonard
Websense® Security Labs™ are aware that a vulnerability has been identified in the GNU C Library that can lead to remote code execution under certain circumstances. The GNU C Library ( glibc ) is a core component of GNU systems and those with...   Read more >
Flash forward – Angler, here we come
Posted: Tuesday, January 27, 2015 2:40 AM by Tamas Rudnai

As mentioned in the post, “Happy Nucl(y)ear - Evolution of an Exploit Kit”, we were planning to discuss the Angler exploit kit in detail in an upcoming post. However, the exploitation of a critical Adobe Flash 0-day vulnerability (CVE-2015-0311, patched) via the Angler exploit kit has fast-tracked our efforts and in this blog, we present the strategy adopted by the exploit kit to evade detection of the 0-day by security scanners. 0-days are valuable commodities and the longer they remain undiscovered, the more value they appropriate for the attacker(s).



Just as defense-in-depth is used as a strategy in the protection scenario, layered obfuscation is its equivalent in the evasion scenario. The attacker is interested in adopting a defense-in-depth approach to protect his / her investment and get the most ROI from exploits. A parallel in the physical world is a medieval castle which was protected by multiple wall system, so even when the external wall had taken down by catapults the so called inner castle was still standing strong.

...   Read more >
Presidential Proposals and Good Governance
Posted: Monday, January 26, 2015 3:50 PM by Charisse Castagnoli
Recently, the President proposed several pieces of legislation meant to increase cyber security and prevent cyber-crime. These new proposals aim to expand federal data protection requirements, currently only applied to healthcare organizations, financial...   Read more >
Flash 0-day being distributed by Angler Exploit Kit
Posted: Thursday, January 22, 2015 4:41 AM by ngriffin
Websense is aware of a new zero-day vulnerability in Adobe Flash Player, which has been seen exploited in-the-wild by the Angler Exploit Kit. The exploit, as reported by security researcher Kafeine , is known to affect the latest version of...   Read more >
Happy Nucl(y)ear - Evolution of an Exploit Kit
Posted: Thursday, January 15, 2015 5:50 AM by AToro
This blog post discusses how Nuclear Pack, one of the most popular exploit kits, has evolved, and highlights the constant, ongoing arms race between attackers and defenders. While Nuclear Pack is not the most sophisticated exploit kit--that dubious distinction...   Read more >
Websense Announces John Starr as New Channel VP
Posted: Wednesday, January 14, 2015 1:05 PM by News Release Archive
Experienced Executive Will Grow Global Channel Collaboration and Innovative New Security Markets for Partners AUSTIN, Texas , Jan. 14, 2015 -- Websense, Inc. , the global leader in protecting organizations from the latest cyber attacks and data theft...   Read more >
Filed under: ,
Websense Transformation Delivers New TRITON® APX 8.0 Platform to Surface Threats, Combat Skills Deficit & Provide Advanced Data Theft Prevention
Posted: Tuesday, January 13, 2015 7:05 AM by Adam Bennett
Websense Addresses Skills Gap with TRITON APX 8.0, the Result of 18 Months of Business Transformation & Innovation AUSTIN, Texas - January 13, 2015 - Websense, Inc. a global leader in protecting organizations from the latest cyber attacks and data...   Read more >
Why Methodology Matters: Guidelines for Evaluating a Real-World Security Test
Posted: Wednesday, January 07, 2015 9:31 PM by Websense Technical Marketing
In the last year, we have seen security vendors and well-known testing labs go toe-to-toe in headlines, blogs and social media over the methodology used to produce final test results. Claims of flawed methodologies, out-of-date software, improperly configured...   Read more >
'Tis the Season For…A New Year of Cyber Threats
Posted: Monday, January 05, 2015 5:39 PM by Bob Hansmann
For the cyber security industry, 2014 was a year of high-profile hacks. Data breaches hit every sector, from retail stores and financial instiutions to health care providors, and the fall-out was felt from the C-suite to the man in the street. As we begin...   Read more >
Sony Pictures Entertainment Hack – Truly motion picture worthy
Posted: Monday, December 22, 2014 7:45 AM by ngriffin
Blackmail, secretive master-plan, sabotage, drama, politics, thriller, hostage, the list goes on - this is not the plot-line of an immersive Hollywood motion picture, but rather the highlights of the recent hack on Sony Pictures Entertainment (SPE). Although...   Read more >
Tis the Season for…Financial Crime
Posted: Wednesday, December 17, 2014 5:32 PM by Carl Leonard
Advances in internet technology have chnaged much about our day-to-day lives. We no longer need fumble with maps to get where we're going. Global Positioning System (GPS) technology allows us to connect to satellites for instant driving directions...   Read more >
Websense Now a Member of Cloud Security Alliance’s Security, Trust and Assurance Registry (STAR) Registry
Posted: Tuesday, December 16, 2014 8:11 PM by Charisse Castagnoli
Websense is pleased to announce its inclusion on the Cloud Security Alliance (CSA) STAR registry with its completion of the CSA STAR Self Assessment. The CSA Security, Trust and Assurance Registry (STAR) Program is “a publicly accessible registry...   Read more >
Websense Listed as 'Champion' for Data Loss Prevention
Posted: Tuesday, December 16, 2014 1:05 PM by News Release Archive
Recognized for Data Discovery, Gateway & Endpoint Protection in 2014 Vendor Landscape AUSTIN, Texas , Dec. 16, 2014 -- Websense, Inc. , the global leader in protecting organizations from cyber-attacks and data theft, announced today its recognition...   Read more >
Time to act on Corporate Data Protection*
Posted: Monday, December 15, 2014 3:17 PM by Neil Thacker
Data breaches and security threats continue to make global news, serving as a constant reminder of the need to improve monitoring and protection of corporate data. European businesses, as well as those operating globally in the region, face particular...   Read more >
More News & Views...