HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: January 2014

An evolution of BlackPOS malware

Brian Krebs has recently been blogging about Target stores in the US being breached by Point of Sale (POS) malware. The malware is called BlackPOS and has been in the wild for some time. According to McAfee’s threat advisory, BlackPOS has been available in underground markets and forums since at least early 2013. One of the samples we saw actually dates back to mid-2012.

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Pwn2Own 2014: Rules and Unicorns

HP’s Zero Day Initiative is once again expanding the scope of its annual Pwn2Own contest, with a new competition that combines multiple vulnerabilities for a challenge of unprecedented difficulty and reward.

Labels: HPSR| pwn2own| ZDI

Struts 2: OGNL Expression Injections

The OGNL (Object Graph Navigation Library) is infamous for related vulnerabilities found in the Struts 2 framework that relies on it. But what is OGNL injection and how bad is it?

Tags: OGNL| Struts2

Hunting Botnets with ZMap

The internet is a big place, and malware is a big problem. However, with the rise in new internet-scale scanning technologies like ZMap, we have an opportunity to make things a lot more manageable. HP TippingPoint Security Researcher Ricky Lawshae has been working on a pet project lately that attempts to do just that; here are some of the initial findings.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.