Security Blog

A Security Analytics Hunt for Heartbleed Traffic

April 14, 2014 - By Andrew Brandt, Joe Levy
Retrospectively searching for attack data long after the attack is normally a rough job, because by the time most victims find out about an attack, the data is usually gone. But when you're already keeping every packet that crosses the wire, things get a little easier.

Malicious Android Network Investigation Showcases WebPulse Analytics

April 10, 2014 - By Waylon Grange
[Great first post from Waylon in our internal blog earlier this week! --C.L.] This will be my first post as a Blue Coat researcher. I joined the team after working in government, and I’m excited to finally be able to discuss my research publicly. Being able to work with the WebPulse global intelligence network was one of the many motivating factors for me when deciding to join Blue Coat’s team. WebPulse integrates input from over 75 million users worldwide. The image below shows where our data sources are in a typical 24-hour period:

Widespread "Heartbleed" Bug Affects SSL Servers

April 8, 2014 - By Andrew Brandt
Unless you've been under a rock for the past day, you've probably already heard the news about the so-called "Heartbleed" bug affecting SSL servers.

Cybersecurity Trends 2014 - Trend 4 - The Deep Web Starts to Surface

April 1, 2014 - By Thomas Quinlan
You know something has become popular when you see it on the Netflix series “House of Cards”. There is an episode in Season 2 where one of the characters gets onto the Deep Web in order to try and trap the protagonist. In the end it backfires on him, but not before we’ve seen a series of fancy screens involving the configuration of Tor and various proxy software.

Malicious Word Document Delivers a Boatload of Fail

March 25, 2014 - By Andrew Brandt
Yesterday, Microsoft put out a blog post about a newly-discovered security vulnerability affecting Microsoft Word 2010. The exploit, the author wrote, "takes advantage of an unspecified RTF parsing vulnerability combined with an ASLR bypass." And while that's important technical information, it doesn't really warn people who don't know what any of that means about what to look out for, and avoid. That's what I'm going to do.

LA Times is Malvertising Again...

March 21, 2014 - By Chris Larsen
[Shhh... Don't tell anyone, but I'm writing this in "stealth mode" in the back row of a meeting that I'm supposed to be paying attention to. Luckily, none of my managers read my blog... But this was important enough I didn't want to wait.] Several months back, the LA Times was one of many unfortunate sites caught up in a large malvertising network we uncovered. Yesterday it showed up in our logs again as a referrer to evil sites, so I took a look this morning to see what was up...

Mobile Malvertising: a Trend, not a Blip

March 21, 2014 - By Tim van der Horst
[Tim's previous blog post on malvertising's jump to the top mobile attack vector, which was based on a "deep dive" into one week of data, drew quite a bit of attention. He's followed it up with a broader look at the overall trend, which I think is even more interesting.... --C.L.]

Give Us This Day Our Daily Mal-Spam

March 17, 2014 - By Andrew Brandt
It's long overdue that I spent a little time on one spam campaign we've been seeing a lot: a "PDF"-decorated executable attached to a faux RingCentral message, that says something like this in the body of the email: You have a new fax message ... To view this message, please open the attachment

Will Smith Isn't Dead (Again)

March 10, 2014 - By Chris Larsen
WebPulse logs show that a Facebook spam/scam network is getting some traction among users today, passing along the "news" that Will Smith died -- although they can't seem to get their story straight:

2014 Mobile Malware Report: Malvertising Overtakes Porn as Leading Threat Vector

March 7, 2014 - By Blue Coat
Click on the infographic below to download a full-size PDF.