HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 25, 2014

OSINT.jpgWelcome to the July 25th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research ‘Talkapalooza’ dates released!

HP Security Research (HPSR) giants will hit the road for a four-month global tour that touches down on four continents. View the roster of conferences at which team members will be speaking and plan to join us!

Tags: conferences| HPSR
Labels: conferences| HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 18, 2014

OSINT.jpgIt's the July 18th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 7th, 2014

OSINT.jpgIt's the July 7th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HPSR Software Security Content 2014 Update 2

HP Security Research and the Software Security Research group are pleased to announce the immediate availability of updates to HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2014.2.0), HP Fortify Runtime Application Protection, and HP Fortify Premium Content. 

 

The Software Security Research group translates cutting-edge security research into security intelligence that powers the HP Enterprise Security Products portfolio. Today, HPSR Software Security Content supports over 860 vulnerability categories across 21 programming languages and spanning more than 737,000 individual APIs.

 

 

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 27, 2014

OSINT.jpgIt's Friday, June 27th, and you know what that means--It's time for the list of HP Security Research OSINT articles of interest! 

Labels: HPSR

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 20, 2014

OSINT.jpgIt's the June 20th edition of the HP Security Research OSINT articles of interest. This is a list of publically available articles that we find relevant in today's security news.  

Labels: HPSR

HPSR Software security content update - Heartbleed bug detection

HP Security Research is pleased to offer a downloadable security content update that will enable HP WebInspect to detect the Heartbleed bug.

Labels: Fortify| HPSR| SSR| WebInspect

HP Security Research OSINT (OpenSource Intelligence) articles of interest--March 28, 2014

Welcome to the March 28th edition of the HP Security Research OSINT News Feed—a list of publically available articles that we find interesting in today’s security news.  

Labels: HP| HPSR| security

HPSR Threat Intelligence Briefing - Episode 11

Iranian hacker groups and their allies launched increasing numbers of cyber attacks over the last year, despite strict state controls of Internet traffic including: spying, censorship, and filtering laws and technology. 

 

In this report (see attached report for full content), we examine Iran’s cyber warfare capabilities, particularly the hacker groups that serve as a force multiplier to Iran’s continually expanding cyber presence. The report covers how these groups recruit and train members, the primary actors involved, TTPs, motivations, and indicators of state sponsorship by the regime. Through this analysis, the goal is to educate the reader on the capabilities of these groups and the significance and implications of state sponsorship of underground cyber actors. It also advises potential targets on mitigation strategies in the face of state sponsored cyber activities.

 

HP Security Research Threat Intelligence Briefing episode 10 - ZDI 2013 in review

It’s that time again, when we look at the vulnerability year that was and muse about the vulnerability year that will be. 2013 was a huge year for the Zero Day Initiative – we purchased more cases this year than in any other since the inception of the ZDI program 10 years ago. And what cases they were – vulnerabilities unearthed in widespread critical software used by enterprises and the greater computing community alike.  In this month’s Threat Briefing we walk 2013’s vulnerabilities, talk vendors, and think out loud about where this is going in 2014.

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Pwn2Own 2014: Rules and Unicorns

HP’s Zero Day Initiative is once again expanding the scope of its annual Pwn2Own contest, with a new competition that combines multiple vulnerabilities for a challenge of unprecedented difficulty and reward.

Labels: HPSR| pwn2own| ZDI

Some uncomfortable truths about state-sponsored malware

Recent discussions regarding Edward Snowden and the NSA have raised some uncomfortable questions for the makers of anti-virus software.

Q2 2013 HP Fortify Software Security Content Update

HP Software Security Research is pleased to announce the immediate availability of updates to HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2013.2.0.0010), and HP Fortify Runtime Rulepack Kits (version 2013.2.0).

Labels: HP Fortify| HPSR| SSR

What to Expect from #OpPetrol

According to the announcement, the operation will “engage” on June 20, 2013. As we know from past events, actors may be compromising sites now only to release the results as part of the operation. Potential targets may have already seen activity that could later be associated with this announcement.

#OpUSA Lessons Learned

Did your company prepare for #OpUSA?  How much time and resources were spent handling this threat?  Is there such a thing as being overly prepared?  How can you predict the impact of the next threat?

Understanding the Syrian Electronic Army (SEA)

Over the last few years, interest in hacktivist organizations and state sponsored hacking groups has increased greatly around the world. The lines are blurred when comparing independent groups that operate in support of their government or country and those that are directly sanctioned by nation states. The Syrian Electronic Army (SEA) is a group based in Syria, which claims to operate independently in support of Syrian President Bashar al-Assad. 

Incorporating Feedback from the Security Community - What does DVLabs do?

On February 18, 2013, the American cyber-security firm Mandiant released a report detailing some of the inner workings of the Chinese PLA (People’s Liberation Army). This report is an example of the type of information DVLabs consumes on a daily basis in order to provide our customers with superior and timely protection against threats, known and unknown. The following breakdown describes TippingPoint protection solutions specifically relevant to the threats described in the report.

Pwn2Own 2013 Recap

So, what happened at Pwn2Own this year? The question really should be: "What didn't happen at Pwn2Own this year?" Now that the dust has settled, let's step back and look at the carnage resulting from Pwn2Own!

Labels: HPSR| pwn2own| ZDI

Pwn2Own 2013

Get ready for Pwn2Own 2013 at CanSecWest March 6th-8th in Vancouver, British Columbia where HP ZDI is offering more than half a million dollars (USD) in cash and prizes.

Labels: HPSR| pwn2own| ZDI

Formation of HP Security Research

We're pleased to announce the formation of HP Security Research (HPSR), a new group that will provide actionable security intelligence through published reports, threat briefings, and content delivered through the HP security product portfolio.

Search
About the Author(s)
Follow Us


HP Blog

HP Software Solutions Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation