HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: April 2014

Microsoft IE zero day and recent exploitation trends (CVE-2014-1776)

The latest Microsoft Security Advisory concerning Internet Explorer involves the Vector Markup Language (VML) – and that’s nothing new. Let’s take a look at the difficult history of the VGX.DLL, which has been involved in eight Microsoft security releases in the last eight years. Where does CVE-2014-1776 fit into the picture?

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 28, 2014

It’s the April 28th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

Struts2 zero day in the wild

Remote code execution zero day in up-to-date Struts 2 applications:


Several months ago the Struts2 team announced security vulnerability S2-020 that allowed ClassLoader manipulation resulting in Remote Code Execution on certain application servers like Tomcat 8.

Tags: 0day| Struts2
Labels: 0day| Struts2

Patch analysis of latest Microsoft Office vulnerability (CVE-2014-1761)

I wrote about a Microsoft Word vulnerability, which was at that point a zero day, a few weeks ago. Microsoft released the update for this vulnerability with their April 2014 Patch Tuesday. There is some confusion in the industry about the nature of this vulnerability, so I analyzed the patch -- in the process, confirming my previous findings. This blog discusses my results, along with some additional interesting findings related to previous security updates of the RTF parser in Microsoft Office.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 14, 2014

Welcome to the April 14th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HPSR Software security content update - Heartbleed bug detection

HP Security Research is pleased to offer a downloadable security content update that will enable HP WebInspect to detect the Heartbleed bug.

Labels: Fortify| HPSR| SSR| WebInspect

Heartbleed causes heartache

The latest and scariest news in security is the “Heartbleed” bug. This evocative name comes from the fact that there is a buffer overread flaw in the implementation of the “heartbeat” extension to TLS that leaks information, potentially including usernames, passwords, secret keys and other communications. This serious flaw has been present in OpenSSL, a very popular open source implementation of the protocol used to secure the internet, for years.

Tags: OpenSSL

Advanced Persistent Threats and the rise of the app stores

For malware writers, the old days on the Internet were a volume business – infect as many computers as possible. Defenders responded with blacklisting. But modern Advanced Persistent Threat (APT) attacks are precisely tested and targeted. Will whitelisting – in the form of app stores – save us? And what will we lose if they do?

Technical Analysis of CVE-2014-1761 RTF Vulnerability

Recently, Microsoft announced that an RTF sample exploiting CVE-2014-1761 is in the wild. The sample has just become publicly known. I spent some time analyzing the vulnerability and this blog describes what I found. The sample I analyzed has a SHA1 value of 200f7930de8d44fc2b00516f79033408ca39d610. The main module that was used in my analysis is wwlib.dll with file version of 14.0.7113.5001 used in Microsoft Office 2010.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 4, 2014

It's time for the April 4th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HP Security Research Threat Intelligence Briefing episode 12 - The evolution of credit card crime

The recent Target attack reminds us that we are not safe in this world from credit card criminals. If you look at the last 10 years or so, you can see that the Target attack is actually nothing new. The trend for attacking card processing networks and POS machines has been occurring since the mid-2000s.

Four legs good: Recent advances in secure password generation

New research approaches to password generation utilize common household pets for more effective random string generation at minimal cost.

Tags: April Fools
Labels: April Fools
About the Author(s)
  • Head of OpSec Research
  • I am a senior security content developer with Hewlett-Packard Security Research (HPSR). In this role, I write and edit security analysis and supporting content from researchers, including those from HP’s Zero Day Initiative (ZDI) program. The ZDI program augments HP’s Enterprise Security Products with zero-day research through a network of over 3,000 independent researchers around the world. I am also responsible for providing insight into the threat landscape; competitive intelligence to the research team; and providing guidance on the social media roadmap. Part of my role includes speaking publicly and promoting the research and technology of the HPSR.
  • Kernelsmith is a senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the Johns Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.