HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Research ‘Talkapalooza’ dates released!

HP Security Research (HPSR) giants will hit the road for a four-month global tour that touches down on four continents. View the roster of conferences at which team members will be speaking and plan to join us!

Labels: conferences| HPSR

Dyre times for online banking customers

HP DVLabs security researcher Mat Powell provides details on one of the newer banking trojans on the scene. Customers in the US and UK should be aware of "Dyreza" or "Dyre" and its browser-hooking ways.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 18, 2014

It's the July 18th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

Bitcoin and security (part 3 of 3)

In the final post of our Bitcoin series, we look at the possibilities for cybercrime involving the cryptocurrency – as a target, as an exchange mechanism, and as a contributing element.

Four years and counting: ZDI leads Frost & Sullivan disclosure field

HP Security Research has just learned that our Zero Day Initiative (ZDI) team has received the Global Frost & Sullivan Company of the Year Award for 2013 – the fourth year in a row we’ve been honored as the pre-eminent public vulnerability research program.  The award is an honor; reading Frost & Sullivan's report on the current state of vulnerability research is a treat.

Hacking POS Terminal for Fun and Non-profit

Point-of-Sale (POS) devices are an essential part of modern life; the blood line for merchants. As plastic payment cards have become the default payment method, the security of POS devices has become more crucial. I was interested in learning how real-world POS machines maintain security but “close examination” without the owner’s consent is a crime. I have no friends in business using POS devices, so I decided to order a used device for investigation. The Aloha POS system is known to be very popular in the hospitality sector. 

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 7th, 2014

It's the July 7th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

Bitcoin and Security: part 2 of 3

Delving more deeply into the mechanisms of Bitcoin, I examine how Bitcoin tackles two potential problems – counterfeiting and the fair distribution of currency – through interesting architectural choices, and show how two potential “wrongs” not only make a right, but provide fundamental strength to the system.

Why does Windows rearrange the arguments when executing external process?

Most people, including myself, would expect java.lang.Runtime.exec(String[]) to pass the arguments array to the command without any modification.

HPSR Software Security Content 2014 Update 2

HP Security Research and the Software Security Research group are pleased to announce the immediate availability of updates to HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2014.2.0), HP Fortify Runtime Application Protection, and HP Fortify Premium Content. 

The Software Security Research group translates cutting-edge security research into security intelligence that powers the HP Enterprise Security Products portfolio. Today, HPSR Software Security Content supports over 860 vulnerability categories across 21 programming languages and spanning more than 737,000 individual APIs.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 27, 2014

It's Friday, June 27th, and you know what that means--It's time for the list of HP Security Research OSINT articles of interest!

Labels: HPSR

HP Security Briefing, episode 14 - malicious file visualization and clustering

In this month’s Security Briefing, we conduct a number of experiments with file geometry visualization and clustering algorithms on malicious and clean files using the R language. You can listen to this episode of the HP Security Briefing podcast on the Web or via iTunes, and you can read or download the detailed companion report here.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 20, 2014

It's the June 20th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 13, 2014

It's time for the June 13th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: security

Playing with Adobe Flash Player Exploits and Byte Code

Basically, SWF files are not something you can avoid analyzing if you are dealing with real-life exploits. A good methodology when analyzing SWF files is also very beneficial for current malware research. I talked about automating SWF exploits and malware analysis in a previous presentation, but here I want to share a more manual methodology you can use for daily research. All the tools are free and some of them are open source. For this example, I used a sample with a SHA1 value of 300a7e4d54eca8641d7a19ceb4ab68bb76696816. This sample exploits the CVE-2014-0515 vulnerability. 

Bitcoin and security (part 1 of 3)

In the first post of a three-part series, we look at Bitcoin basics: how it works, where its security profile fits into the eternal confidentiality-integrity-availability triad, and why the underpinnings of the currency are a noteworthy attempt to solve one of Internet security’s thorniest problems. We also take a peek at the guts of a Bitcoin ATM – and recognize a familiar operating system under the hood.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 6, 2014

It's the first Friday in June--and here are your HP Security Research OSINT articles of interest. This blog post provides links to current events related to the cyber security industry.

Labels: HP| security

Once Bled, Twice Shy (OpenSSL: CVE-2014-0195)

CVE-2014-0195 is the latest critical vulnerability in a string of OpenSSL bugs.  The bug was submitted through the HP Security Research Zero Day Initiative program and filter guidance was provided immediately in the form of predisclosure filters for TippingPoint customers exclusively.  Read on for more details about this vulnerability and the protection only TippingPoint customers can experience!

ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do

Researchers are upping their efforts to review OpenSSL source code to find additional vulnerabilities.  This left us wondering: “What will we find next?”  Well, it didn’t take long for another critical OpenSSL vulnerability to show up in the queues at the Zero Day Initiative.  Jüri Aedla is credited for the original discovery of this vulnerability and this blog describes the vulnerability also known as ZDI-14-173 (CVE-2014-0195).

HP Security Briefing, episode 13 – The art and near-science of threat modeling

In this month’s briefing, we give an overview of the threat-modeling landscape – what it affects, how it got this way, what the current notable conditions are, and how to introduce the pertinent concepts to your organization.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 30, 2014

It's time for the May 30th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 23, 2014

It's the May 23rd edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find relevant in today’s security news.

Labels: HP| security

Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit

At the end of April, Kaspersky reported an ITW exploit that was abusing an Adobe Flash Player zero-day vulnerability at the time (CVE-2014-0515). The vulnerability was known to be inside the Pixel Bender parser in Adobe Flash Player. I had time to look deeper into how the vulnerability works and how control of the code is acquired using this vulnerability.

The mechanism behind Internet Explorer CVE-2014-1776 exploits

Recently Microsoft patched an Internet Explorer use-after-free bug (CVE-2014-1776) that was being exploited in the wild. Since then I’ve seen several reports of new variants based on the original exploit appearing ITW. Let’s look deep inside the exploitation mechanism to see how it works to make a use-after-free execute shellcode.

What should be the optimal crypto-strength for CryptoLocker?

It is easy to say that the perpetrators of malware, such as CryptoLocker, are bad people. However, one could also say that the same perpetrators have a pretty good grasp of how to deploy industrial-strength cryptography. But is everything optimal? Could there be such a thing as cryptography that is too strong? Could there be some valid reason to use less strong encryption intentionally?

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 9, 2014

Welcome to the May 9th edition of the HP Security Research OSINT News Feed--a list of publicly available articles that we find relevant in today's security news!

Labels: HP| security

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities, but it could have been stealthier. A bug was exploited in Flash to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 05, 2014

Welcome to the May 5th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation