Blog
Blogs
The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats. Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user based attacks.
Go to the new Security Labs Blog
Google Sponsored Links Spreading Rogue Anti-Virus Software
12.15.2008 - 2:25 PM
In the Labs, we keep a close eye on millions of Web sites each week. Last week, our ThreatSeeker network became aware of a download site offering the compression utility Winrar—one of the most popular and best-known compression utilities—bound with malware. We thought that this scam could present a good case study to show how the reputations of legitimate and popular applications and online services are being abused to serve and help malware authors to spread malicious software.
Read more »
IE7 Zero Day Technical Analysis
12.15.2008 - 11:07 AM
Following our alerts, we completed this analysis for the Zero Day attack. The exploit for this vulnerability has two parts:
A. JavaScript heap spray code and x86 shellcode
B. The XML/SPAN tag vulnerability
Read more »
12.09.2008 - 4:45 PM
Microsoft recently published its monthly security bulletin summary for December 2008. The summary includes eight bulletins, of which six were rated "critical" and two "important". Microsoft has patched vulnerabilities all over their product portfolio, including patches for Internet Explorer, Microsoft Office, GDI, and Windows Search. Here's a quick overview of what this means in terms of threats to the Webscape, focusing on the vulnerabilities that can be exploited over the Web.
Read more »
12.08.2008 - 4:07 PM
One of the most effective ways to avoid becoming a victim of a phishing attack is to be aware of what constitutes a phishing attack. "Seeing is believing" does *NOT* always hold true on the Internet. Understanding this concept can protect Web users from a lot of trouble—as phishing victims would clearly testify. To that end, we would like to inform our readers of a new program by the APWG/CMU, whose goal is to educate the general public.
Read more »
Websense Security Labs 2009 Predictions
12.08.2008 - 3:59 PM
Websense Security Labs predicts that in 2009
[1] The “Cloud” will increasingly be used for malicious purposes
Cloud-based services, such as Amazon Web Services (AWS), Microsoft Azure, and GoGrid, provide businesses and users with easy-to-use, rent-as-you go opportunities for storage and large-scale computing at a low cost. But these services also are an attractive target for cybercriminals and spammers to leverage for misuse. [...]
Read more »
This Month in the Threat Webscape
12.08.2008 - 12:00 PM
Month of November 2008
This month we observed a huge decrease in spam numbers as the Web hosting company McColo, a major cyber-criminal safe haven, was depeered by its neighbors. The blackhats, however, proved their resilience. They managed to resurrect their zombies, though spam levels did not return to peak levels this month.
On a brighter note, Ziff Davis Enterprise's Baseline magazine recognized Stephan Chenette and the crew at Websense Security Labs among the top 10 researchers making a difference in the world of security!
Quick announcement: Follow us on Twitter for up-to-the minute bite-sized updates on what's new around the 'net block. Follow our This Month in the Threat Webscape blog series to stay abreast of emerging Web threats.
Read more »
Previous Posts
December 2008
| 12.15.2008 | Google Sponsored Links Spreading Rogue Anti-Virus Software » |
| 12.15.2008 | IE7 Zero Day Technical Analysis » |
| 12.09.2008 | Patch Tuesday - December 2008 » |
| 12.08.2008 | APWG: Education Landing Page » |
| 12.08.2008 | Websense Security Labs 2009 Predictions » |
| 12.08.2008 | This Month in the Threat Webscape » |
Archives
+ November 2008+ October 2008
+ September 2008
+ August 2008
+ July 2008