Security Research

HP Security Research OSINT (Open Source Intelligence) articles of interest--April 28, 2014

SR-FI_Team on ‎04-29-2014 06:00 AM

Key articles of interest

United States’ Malware Infection Rate More than Doubles in the First Half of 2013
New data in the Microsoft Security Intelligence Report volume 15 indicates that the malware infection rate of the United States increased precipitously between the fourth quarter of 2012 and the first quarter of 2013.


Payment systems were under fire, 94 percent of security incidents fall into nine basic attack patterns, Web application attacks dominate the financial services sector and point of sale and distributed denial of service attacks plague retail.

Dutch student sells online soul at auction for €350
Dutch student Shawn Buckles has auctioned all his personal data to the highest bidder and earned a grand total of €350 (£288). In March, Buckles set up a website with an online bidding system in order to make a comment about privacy and the value of personal data.


Home Location Identification of Twitter Users
We present a new algorithm for inferring the home location of Twitter users at different granularities, including city, state, time zone or geographic region, using the content of users’ tweets and their tweeting behavior.


Predicting Crime Using Twitter and Kernel Density Estimation
Twitter is used extensively in the United States as well as globally, creating many opportunities to augment decision support systems with Twitter-driven predictive analytics. Twitter is an ideal data source for decision support: its users, who number in the millions, publicly discuss events, emotions, and innumerable other topics; its content is authored and distributed in real time at no charge; and individual messages (also known as tweets) are often tagged with precise spatial and temporal coordinates.


Websense: Why Java Exploits remain a top security Risk
It is amazing how much of our world runs on Java or JavaScript, its web-enabled cousin. ATMs fueling the cash economy; hospital scanners monitoring patient health; security systems protecting our homes; websites supporting media and commerce; and mobile devices enabling our business and social lives — these are just a few of our “life support” systems that rely upon these programming languages.


The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
Tor is a distributed onion-routing network used for achieving anonymity and resisting censorship online. Because of Tor’s growing popularity, it is attracting increasingly larger threats against which it was not securely designed. In this paper, we present the Sniper Attack, an extremely low cost but highly destructive denial of service attack against Tor that an adversary may use to anonymously disable arbitrary Tor relays.


Cloudification of Web DDoS Attacks
Recent studies and reports show a dramatic increase in the prevalence of denial of service attacks in general, and application layer attacks in particular. As a result of this increase, DoS protection and mitigation solutions have evolved both on the technological side as well as in their ability to scale and protect against larger and more distributed attacks (DDoS).


1–15 April 2014 Cyber Attacks Timeline
Timeline reporting cyber attacks that happened during the first half of April 2014, a month that will probably be long remembered within the Infosec Chronicles for the discovery of the terrible Heartbleed bug (two attacks have been recorded, so far, related to this devastating vulnerability).


Kaspersky: IT threat evolution Q1 2014
- According to KSN data, Kaspersky Lab products blocked a total of 1 131 000 866 malicious attacks on computers and mobile devices in the first quarter of 2014.
- Kaspersky Lab solutions repelled 353 216 351 attacks launched from online resources located all over the world.
- Kaspersky Lab’s web antivirus detected 29 122 849 unique malicious objects: scripts, web pages, exploits, executable files, etc.
- 81 736 783 unique URLs were recognized as malicious by web antivirus.
- 39% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in the US and Russia.
- Kaspersky Lab’s antivirus solutions detected 645 809 230 virus attacks on users’ computers. A total of 135 227 372 unique malicious and potentially unwanted objects were identified in these incidents.


Elliptic Curve Cryptography in Practice
We study four popular protocols that make use of this type of public-key cryptography: Bitcoin, secure shell (SSH), transport layer security (TLS), and the Austrian e-ID card. We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols. However, we find that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems.


Defending Against Network-based Distributed Denial of Service Attacks
Back in 2013 volumetric denial of service (DoS) attacks on networks were all the rage. ‘Hacktivists’ first used them effectively against Fortune 500 class banks, largely knocking down major banking brands for days at a time. But these companies quickly adapted and gained proficiency at defending themselves, so attackers shifted targets and bifurcated their tactics.


Some of America’s poorest people are being targeted by cyber-scammers. Can an errant hacker find the culprits?
IF YOUR JOB involves scamming people, Mike Davis might be the last person you’d want to target. Mike breaks things apart for a living. He’s paid by companies to find security flaws in the electronics they sell. He’s a masterful coder and a compulsive tinkerer.


How Silk Road Bounced Back from Its Multimillion-Dollar Hack
That is what Defcon, the current administrator of the infamous black market site Silk Road (the 2.0 version), wrote back in February on the site’s forums. In total, an estimated $2.7 million worth of bitcoin belonging to users and staff of the site was stolen.


The Keen Team - Chinese Hacker Group Reveals their Identities
The Keen Team, a mysterious group of Chinese hackers who hacked Apple’s Safari Mac OS X Mavericks system in just 20 seconds and Windows 8.1 Adobe Flash in only 15 seconds during the Pwn2Own Hacking Competition this year, is no longer mysterious, as the team has revealed its members’ identities.


A Wake-up Call for SATCOM Security
Satellite Communications (SATCOM) play a vital role in the global telecommunications system. IOActive evaluated the security posture of the most widely deployed Inmarsat and Iridium SATCOM terminals.
IOActive found that malicious actors could abuse all of the devices within the scope of this study. The vulnerabilities included what would appear to be backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.
