HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – March 27, 2015

OSINT.jpgWelcome to the March 27th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

A look back at Pwn2Own 2015

wrap.jpgFor two fantastic days in Vancouver, six researchers again demonstrated that when you enter Pwn2Own and are successful, you can count yourself among the best in the world. After a weekend’s worth of reflection, let’s step back and review the highlights.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – March 21, 2015

OSINT.jpgWelcome to the March 21st edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

Pwn2Own 2015: Day Two results

day2-titlecard.jpgThe second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets and collecting a total of $240,000. This brings the two-day payout total to $557,500, not including the value of the laptops, ZDI points, and other prizes given to winning researchers.

Pwn2Own 2015: Day One results

Researcher Winning.PNGThe first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers in the main competition.

Pwn2Own 2015: The lineup

ZDI Logo_4Blog_200px.jpgThe competition order for Pwn2Own 2015 was assigned by random drawing in the Pwn2Own room on Wednesday morning. This year found seven contestants targeting the various products in the competition, with some handling multiple challenges – twelve competitions in all.

Pwn2Own 2015: The final contestants

welcome to vancouver.jpgPwn2Own begins tomorrow, but registrations have closed. A total of seven groups and individuals have signed up to attempt exploits on the available targets. Here are those competing.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – March 13, 2015

OSINT.jpgWelcome to the March 13th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix

zdi-small.pngIn accordance with the Zero Day Initiative’s disclosure policies, we are releasing full details on the CVE-2015-0096 issue patched today in MS15-020. This issue concerns a Stuxnet vulnerability first allegedly addressed by MS10-046. We track this issue as ZDI-15-086.

CVE-2015-0096 issue patched today involves failed Stuxnet fix

zdi-small.pngA vulnerability disclosed to Microsoft by the Zero Day Initiative demonstrates that fully patched machines have been vulnerable to the CVE-2010-2568 – the LNK vulnerability first widely reported in Stuxnet -- for nearly five years.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – March 6, 2015

field-logo.jpgWelcome to the March 6th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Briefing, Episode 21: Security topics in Big Data

random-tree.PNGOur latest HPSR Security Briefing looks at the security issues raised by the frameworks and algorithms that power Big Data. We discuss four modes of effective Big Data analysis and hazard guesses as to what lies ahead.

Don’t FREAK out -- let us help

Our Software Security Research team examines the recently revealed Factoring RSA Export Key (FREAK) vulnerability and gives a brief recap of what you need to know.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 27, 2015

OSINT.jpgWelcome to the February 27th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

Infographic: HP Security Research Cyber Risk Report 2015

very teeny tiny chart.pngThe annual Cyber Risk Report from HP Security Research provides organizations with a better understanding of the threat landscape and supplies resources that can aid in minimizing security risk. This year, we’re including an infographic detailing some of the more interesting data points detailed in the report.

Introducing Cyber Risk Report 2015

crr2015-cover-snip.PNGThe entire HP Security Research team is pleased to announce the release of our annual Cyber Risk Report, a recap of what mattered in 2014 and where we believe the infosecurity world is heading in 2015.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 20, 2015

OSINT.jpgWelcome to the February 20th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.

Labels: HPSR

Just another day at the office: A ZDI analyst’s perspective on ZDI-15-030

zdi-small.pngA vulnerability report received late last year by the Zero Day Initiative contained a particularly well-written and well-documented example of a Windows kernel issue. Let’s take a walk through ZDI-15-030.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 13, 2015

OSINT.jpgWelcome to the February 13th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

Pwn2Own 2015: Exploitation at its Finest!

zdi-small.pngIt’s that time again: Security researchers, prepare to pack your best exploits and meet us in Vancouver. Pwn2Own 2015 is at hand. We announce this year’s rules, targets, and goals.

Tags: pwn2own| ZDI
Labels: pwn2own| ZDI

Vancouver, a Jewel of a city

We’ll have something to say about Pwn2Own in just a few minutes. In the meantime, Jewel Timpe, HPSR’s senior manager for threat research, may know something about the matter.

Tags: pwn2own| ZDI
Labels: pwn2own| ZDI

MyBatis - iBATIS deja vu? Perhaps not…

The latest rulepack from our Software Security Research (SSR) team comes with support for the MyBatis object relation mapping framework for Java. Static analysis being what it is, the team found some interesting support complications on the way to the release.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – February 6, 2015

OSINT.jpgWelcome to the February 6th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news

Labels: HPSR

HPSR, Microsoft, disclosure, and the $125,000 bug bounty

zdi-small.pngHP Security Research is pleased to announce that Zero Day Initiative (ZDI) team members Brian Gorenc, AbdulAziz Hariri, and Simon Zuckerbraun have won $125,000 from Microsoft’s mitigation-bypass bug bounty program. We discuss what they found and why they won’t keep the money.

Life after Windows Server 2003: Ready or not, here it comes

The impending end of support for Microsoft’s 11-year-old operating system should have businesses formulating a plan for their remaining Windows Server 2003 deployments. We look at what will and won’t happen on July 14, 2015 and how to think about what comes next.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – January 30, 2015

OSINT.jpgWelcome to the January 30th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Briefing, Episode 20: The Internet of Things: A security overview

internet-of-things icons smaller.jpgIn the latest edition of the HP Security Briefing, we discuss the Internet of Things and how the advent of millions of connected devices affects network security from a practical standpoint.

HP Security Research OSINT (OpenSource Intelligence) articles of interest – January 23, 2015

OSINT.jpgWelcome to the January 23rd edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest – Friday, January 16 2015

OSINT.jpgWelcome to the January 16th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR
Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
Top Kudoed Posts
HP Blog

HP Software Solutions Blog

Featured


Follow Us
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.