HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 27, 2015

OSINT.jpgWelcome to the February 27th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

Infographic: HP Security Research Cyber Risk Report 2015

very teeny tiny chart.pngThe annual Cyber Risk Report from HP Security Research provides organizations with a better understanding of the threat landscape and supplies resources that can aid in minimizing security risk. This year, we’re including an infographic detailing some of the more interesting data points detailed in the report.

Introducing Cyber Risk Report 2015

crr2015-cover-snip.PNGThe entire HP Security Research team is pleased to announce the release of our annual Cyber Risk Report, a recap of what mattered in 2014 and where we believe the infosecurity world is heading in 2015.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 20, 2015

OSINT.jpgWelcome to the February 20th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

Just another day at the office: A ZDI analyst’s perspective on ZDI-15-030

zdi-small.pngA vulnerability report received late last year by the Zero Day Initiative contained a particularly well-written and well-documented example of a Windows kernel issue. Let’s take a walk through ZDI-15-030.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 13, 2015

OSINT.jpgWelcome to the February 13th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

Pwn2Own 2015: Exploitation at its Finest!

zdi-small.pngIt’s that time again: Security researchers, prepare to pack your best exploits and meet us in Vancouver. Pwn2Own 2015 is at hand. We announce this year’s rules, targets, and goals.

Tags: pwn2own| ZDI
Labels: pwn2own| ZDI

Vancouver, a Jewel of a city

We’ll have something to say about Pwn2Own in just a few minutes. In the meantime, Jewel Timpe, HPSR’s senior manager for threat research, may know something about the matter.

Tags: pwn2own| ZDI
Labels: pwn2own| ZDI

MyBatis - iBATIS deja vu? Perhaps not…

The latest rulepack from our Software Security Research (SSR) team comes with support for the MyBatis object relation mapping framework for Java. Static analysis being what it is, the team found some interesting support complications on the way to the release.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 6, 2015

OSINT.jpgWelcome to the February 6th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news

Labels: HPSR

HPSR, Microsoft, disclosure, and the $125,000 bug bounty

zdi-small.pngHP Security Research is pleased to announce that Zero Day Initiative (ZDI) team members Brian Gorenc, AbdulAziz Hariri, and Simon Zuckerbraun have won $125,000 from Microsoft’s mitigation-bypass bug bounty program. We discuss what they found and why they won’t keep the money.

Life after Windows Server 2003: Ready or not, here it comes

The impending end of support for Microsoft’s 11-year-old operating system should have businesses formulating a plan for their remaining Windows Server 2003 deployments. We look at what will and won’t happen on July 14, 2015 and how to think about what comes next.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – January 30, 2015

OSINT.jpgWelcome to the January 30th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Briefing, Episode 20: The Internet of Things: A security overview

internet-of-things icons smaller.jpgIn the latest edition of the HP Security Briefing, we discuss the Internet of Things and how the advent of millions of connected devices affects network security from a practical standpoint.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – January 23, 2015

OSINT.jpgWelcome to the January 23rd edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest – Friday, January 16 2015

OSINT.jpgWelcome to the January 16th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest – January 9, 2015

OSINT.jpgWelcome to the January 9th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

Changes to Zero Day Initiative program benefits

zdi-small.pngAs the Zero Day Initiative looks forward to 2015, changes are coming to our program benefits. They’re designed to encourage new researchers and further reward our frequent submitters.

Happy new year (and new guidelines) from the ZDI

As the Zero Day Initiative closes the books on the most successful year in its history, we thank our contributors – and lay plans to raise the bar on contributions in 2015.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – December 20, 2014

OSINT.jpgWelcome to the December 20th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

HPSR Software Security Content 2014 Update 4

HP Software Security Research is pleased to announce the immediate availability of updates to HP Application Defender, HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2014.4.0), HP ArcSight Application View, and HP Fortify Premium Content. As of today, HPSR Software Security Content supports over 890 vulnerability categories across 22 programming languages, and spans more than 815,000 individual APIs.

North Korea and the attack on Sony Pictures Entertainment

34012373_s.jpgThe Sony Pictures Entertainment breach has taken a number of unprecedented turns since it came to light in late November. We analyze the situation and weigh in on what has transpired, and whether the smoking gun is definitely in North Korea’s hand.

Labels: Field| north korea| sony

HP Security Research OSINT (OpenSource Intelligence) articles of interest – December 12, 2014

OSINT.jpgWelcome to the December 12th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest – December 6, 2014

OSINT.jpgWelcome to the December 6th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

HP Security Briefing, episode 19 - Fifty shades of black hat: Turkey’s hacker underground

28818008_m.jpgIn the latest edition of the HP Security Briefing, we discuss the cyber threat landscape inside the Republic of Turkey.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – November 21, 2014

OSINT.jpgWelcome to the November 21st edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

SandWorm’s target: A patch history of Object Packager

Object Packager, a component of Microsoft Windows OLE (Object Linking and Embedding), has drawn the attention of attackers and Microsoft twice in the last two months. We examine the patch history of the venerable component.

Reverse engineering NAND Flash Memory – POS device case study (part 3/3)

In my first blog, I talked about a method for acquiring a NAND Flash memory image by directly interacting with the chip. After you acquire a raw firmware image, using the various approaches I proposed with my second blog, you should be able to easily identify the layout of the firmware. At this point in the process, it’s time to extract the data and manipulate it.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – November 15, 2014

OSINT.jpgWelcome to the November 15th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR
Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog

Featured


Follow Us
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.