HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: January 2014

An evolution of BlackPOS malware

Brian Krebs has recently been blogging about Target stores in the US being breached by Point of Sale (POS) malware. The malware is called BlackPOS and has been in the wild for some time. According to McAfee’s threat advisory, BlackPOS has been available in underground markets and forums since at least early 2013. One of the samples we saw actually dates back to mid-2012.

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Pwn2Own 2014: Rules and Unicorns

HP’s Zero Day Initiative is once again expanding the scope of its annual Pwn2Own contest, with a new competition that combines multiple vulnerabilities for a challenge of unprecedented difficulty and reward.

Labels: HPSR| pwn2own| ZDI

Struts 2: OGNL Expression Injections

The OGNL (Object Graph Navigation Library) is infamous for related vulnerabilities found in the Struts 2 framework that relies on it. But what is OGNL injection and how bad is it?

Tags: OGNL| Struts2
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.