Tag: Hewlett Packard

Familiar Attacks Still Wreaking Havoc, HPE Cyber Risk Report Finds

Hewlett Packard Enterprise (HPE) released its 2016 Cyber Risk Report on Feb. 17, providing statistics and some analysis on security trends for the past year. While some things have changed over the course of the last year, many others have not.

Among t...

Hack VMware, score US$75K. Hack Flash, get much less

CanSecWest There's US$75,000 up for grabs to hackers who compromise VMware's hypervisor software in an upgraded Pwn2Own contest next month. The next challenge represents a significant boost to the difficulty of the hacking competition in which popular hardware and software products are publicly flayed by cyber-security gurus. The Vancouver, Canada, event – to be held on March 16 this year – invites hackers to exploit zero-day vulnerabilities in widely used code, such as Apple's Safari browser, Google's Chrome browser, or Adobe Flash, and win tens of thousands of dollars in prizes for doing so. Hewlett Packard Enterprise's vulnerability research manager Brian Gorenc (@maliciousinput) says the HP-run event will now include the option to pop VMware on Windows. "Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different," Gorenc says. "While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine [and] a US$75,000 bonus will be given to those who can escape the VMware virtual machine. "This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it." The contest will be reworked so that winners are those with the highest overall points accrued through successful exploits. Those who escape Windows VMware (US$75,000) will grab the maximum 13 points, while hosing Chrome (US$65,000) or Microsoft Edge (US$65,000) will earn 10 points. Adobe asset Flash in Edge (US$60,000) and OS-X Safari (US$40,000) attract eight and six points, while system escalation, root escalation, and target sandbox (US$20,000) escapes earn five, four, and three points respectively. Contestants will need to consider how the Wassenaar Arrangement may affect them. Hewlett Packard canned last year's MobilePwn2Own contest in December allegedly due to the Arrangement.
The Japan hackerfest went ahead anyway and enjoyed success despite the fact that some hackers stayed home for fear of breaching the global disparate arms control system. It is, however, generally said that Western nations do not intend to target white hat researchers.

Pwn2Own Hacking Contest Returns as Joint HPE-Trend Micro Effort

Over a half million dollars in prize money is up for grabs as the Zero Day Initiative browser hacking contest continues even as corporate ownership shifts. The annual Pwn2Own browser hacking competition that takes place at the CanSecWest conference is one of the premier security events in any given year, as security researchers attempt to demonstrate in real time zero-day exploits against modern Web browsers. This year there was initial concern that the event wouldn't happen, as the Zero Day Initiative (ZDI), which is the primary sponsor of Pwn2Own, is currently in a state of transition. ZDI currently is part of Hewlett Packard Enterprise (HPE), but that will change this year, as the TippingPoint division of HPE, which includes ZDI, is being sold to security vendor Trend Micro in a deal first announced in October 2015 for $300 million. Since ZDI is in transition, HPE and Trend Micro will jointly sponsor the 2016 Pwn2Own event taking place March 16-17. "Bringing both HPE and Trend Micro together for Pwn2Own has been a lot of fun," Brian Gorenc, manager of Vulnerability Research at HPE, told eWEEK. Since Trend Micro's acquisition of TippingPoint has not yet officially closed, it was determined that the best course of action was to do a joint sponsorship of the event, Gorenc said. As such, no matter who owns TippingPoint when the Pwn2Own contest starts, both Trend Micro and HPE will have an interest in what's going on at the event. At the 2015 event, HP awarded a total of $557,500 in prize money to researchers for exploiting previously unknown vulnerabilities in Web browsers. The prize pool for the 2016 event will be in the same range, though at this point it's not entirely clear which vendor will pay for the prizes. "We don't discuss publicly how the sponsorship works, but the money is all accounted for and we're ready to give it all away if the exploits come in," Gorenc said. 
For the 2016 event, Pwn2Own will award $65,000 for exploits against Google Chrome running on fully patched versions of Windows 10, running Microsoft's Enhanced Mitigation Experience Toolkit (EMET). The same amount will be paid for an exploit on Microsoft's new Edge browser. Pwn2Own will award an additional $60,000 for Adobe Flash exploits running Microsoft Edge. Finally on Mac OS X, there is a $40,000 award for exploiting Apple's Safari browser. There are a number of additional opportunities to win even more prize money. One award will go to a researcher who is able to execute a hypervisor escape from the VMware Workstation virtual machine on which the Windows-based browsers will be running. The promise of using a virtual machine is that it isolates the running application and does not allow processes to "escape" and impact other processes that could be running on the same system host. "This year we also added the Master of Pwn idea, which is the person that will be the grand champion of the entire event," Gorenc said. In the past, he said, whoever won the most money was unofficially understood to be the grand champion. This year, Pwn2Own will formalize the process to crown the Master of Pwn by having a point system for vulnerabilities disclosed at the event. The winner will earn 65,000 ZDI reward points, which is worth approximately $25,000. One change in the 2016 event is that the Mozilla Firefox Web browser is no longer part of the contest. "We wanted to focus on the browsers that have made serious security improvements in the last year," Gorenc said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Automated Security Vendor Hexadite Gets $8M Capital Infusion

Hewlett Packard Ventures participated in the Series A round of funding for Hexadite, whose core platform is an automated incident response technology. Security vendor Hexadite has raised $8 million in a Series...

Logicalis and HPE Introduce ‘IT Custodian’: Best Practice Service Management to...

Logicalis SMC and HPE combine to accelerate digital transformation via a complete, rapidly deployable big data ITSM solution

London, UK, 03 February 2016 – Logicalis, the international IT solutions and managed services provider, has announced the launch of IT Custodian, a turnkey ITSM solution developed jointly with technology leader Hewlett Packard Enterprise (HPE) and Logicalis’ Service Management Consulting (SMC) business to advance the digital enablement of large organisations. The Logicalis SMC best practice solution utilises core HPE ITSM excellence leveraging HPE Propel technology, and centres on a prebuilt, standard process model that promises fast and successful implementation at a fixed cost. IT Custodian is aligned to the Open Group IT4IT™ framework, and available on-premise or as a cloud service.

“Service Management is more than capable of achieving transformational performance at the speed of digital innovation, but traditional approaches to extending the service desk and embracing ITSM can be difficult to budget and take many months to implement correctly. This is far from ideal at a time when IT departments urgently seek to regain control over IT services and become the ‘internal service provider’ to the business,” explained Martyn Birchall, Director, International Service Management Consulting at Logicalis. “With IT Custodian, instead of losing time adapting ITSM technologies to meet their bespoke needs, organisations can rapidly adopt a best of breed, best practice model relevant to their business challenge, which is based on lessons learned with hundreds of major organisations.”

According to recent Logicalis research[1] highlighting the effects of the so-called Shadow IT phenomenon, 31% of CIOs globally are now routinely side-lined when it comes to making IT purchasing decisions. IT Custodian comprehensively addresses these and other governance issues, within a fully-supported framework that leverages ITSM best practice gained from over 17 years of Logicalis Service Management consultancy experience.

“The IT Custodian solution extends the benefits of HPE Service Management technology with a ready to adopt implementation model that includes everything a service-defined enterprise needs for ITSM in a single solution,” said Kevin Leslie, EMEA Director of Service Portfolio Management at HPE. “Enterprise CIOs and line-of-business executives now have a proven, repeatable approach to Service Management that curbs the risks associated with shadow IT and delivers the benefits of a rich, dynamic, multi-source IT environment with full budgetary control and governance.”

For more resources about the Service-Defined Enterprise (SDE), including a forthcoming workshop series for CIOs and IT directors, visit www.uk.logicalis.com/sde.

[1] Logicalis Global CIO Survey 2015 http://www.logicalis.com/knowledge-share/downloads/cioreport-2015-the-shadow-it-phenomenon/logicalis-cio-report-2015/

Ends

About Logicalis

Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration; data centre and cloud services; and managed services.

Logicalis employs over 4,000 people worldwide, including highly trained service specialists who design, deploy and manage complex IT infrastructures to meet the needs of over 6,500 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HPE, IBM, CA Technologies, NetApp, Microsoft, Oracle, VMware and ServiceNow on an international basis. It has specialised solutions for enterprise and medium-sized companies in vertical markets covering financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, helping customers benefit from cutting-edge technologies in a cost-effective way.

The Logicalis Group has annualised revenues of over $1.5 billion, from operations in Europe, North America, Latin America and Asia Pacific, and is one of the leading IT and communications solution integrators, specialising in the areas of advanced technologies and services.

The Logicalis Group is a division of Datatec Limited, listed on the AIM market of the LSE and the Johannesburg Stock Exchange, with revenues of over $6 billion.

For more information, visit www.uk.logicalis.com

Media contact: Jacob Petterson / Greg Halse, Cohesive Communications, +44 (0) 1291 626200, logicalis@wearecohesive.com

Source: RealWire

Microsoft Announces The First Technical Preview Of Azure Stack

With Azure Stack, Microsoft wants to bring its Azure cloud computing services into its customers’ data centers. Today, the company announced that it will launch the first technical preview of Azure Stack later this week on Friday, January 29. For now, this is a pretty limited version of Microsoft’s overall vision for Azure Stack. It’ll only support a single machine, for example, which is obviously a far cry from the enterprise-scale data center environment Microsoft envisions for the platform. As Microsoft’s Ryan O’Hara told me, though, the plan is to get a full release of Azure Stack into customers’ hands “in the Q4 timeframe.” In many ways, Azure Stack is the logical next step in Microsoft’s overall hybrid cloud strategy. If you’re expecting to regularly move some workloads between your own data center and Azure (or maybe add some capacity in the cloud as needed), having a single platform and only one set of APIs across your own data center and the cloud to work with greatly simplifies the process. This, O’Hara believes, means Microsoft will be “well-positioned against Google and AWS” because it can more easily connect its data centers to its customers’ data centers than its competitors. Microsoft describes Azure Stack as a “high-fidelity” version of Azure. For now, though, the plan isn’t to make all the Azure services available on premises. Instead, these earlier versions of Azure Stack will mostly focus on the core components: compute, storage and networks (which isn’t unlike earlier versions of Azure Stack competitor OpenStack, for example). Both Azure and Azure Stack share a lot of their underlying technologies and Microsoft has standardized on a single architecture for both. O’Hara stressed that Microsoft wants to enable what he called “one Azure ecosystem” that spans from the cloud to the enterprise data center. 
This means developers and IT admins will be able to use one set of tools to target the platform (including Visual Studio and PowerShell) and won’t have to worry about whether their apps will eventually run on premises or in the public Azure cloud. Azure Stack uses the same user interface as Azure, too. “As far as tenants go, it really should appear as if it’s another region of Azure for them,” he said. Over the course of the technical preview, Microsoft will continue to add new services and content, including OS images and Azure Resource Manager templates. Azure Stack is obviously going up against the likes of OpenStack, the open source enterprise cloud computing platform that now has the backing of everybody from Rackspace, HP Enterprise and IBM, as well as a thriving startup ecosystem. Microsoft clearly hopes that its hybrid story will allow it to position Azure Stack as a viable alternative against this quickly growing open source competitor.

Hewlett Packard Enterprise: think of us as a startup

As of midnight on the morning of Monday 2 November 2015, HP has brought to a close a year-long process and opened a new chapter in its 75-year history, as it splits into two different companies, HP Inc, the printing and devices business, and Hewlett Packard Enterprise (HPE). HPE is billed as a new force in enterprise IT, with a turnover of $53bn and one of the most extensive and comprehensive product portfolios in the industry, stretching from servers through storage, networking, services and more. This makes it, or so it claims, one of the last IT suppliers standing – if not the last – with such extensive capabilities. For HPE UK and Ireland managing director and senior vice-president Andy Isherwood, who took the helm of the old HP business in this country back in 2013, the split is an opportunity to refocus his energies on a more nimble and agile business. “Looking at myself and what I do, I haven’t now got to worry about everything from someone buying a printer in Currys all the way through to a large enterprise organisation,” he tells Computer Weekly. “My job starts and stops here now. I have more time to get it right in this space rather than spread myself thin, and this focus actually is pretty important.” While Isherwood may be looking forward to having the day-to-day concerns of the printer business off his plate, other HPE staff will also be feeling a little less stress. As the separation has moved ahead, HPE has quietly carried out a major refresh of a number of its systems, bringing in more software-as-a-service (SaaS) offerings to change the employee experience for the better and to move quicker in front of its customers. It is, says Isherwood, a true reinvention. “We’ve reinvented ourselves in many ways over that 75 years, and what we want to do is make sure that people feel that actually we’re starting a new company with a core set of values,” he says. 
Those core values fall into three categories, Isherwood explains: firstly, to continue to partner with channel businesses as a key to getting the market coverage HPE desires; secondly, to reinstate its research and development (R&D) capabilities; and thirdly, to tear down the old mindsets of its employees and rebuild them with a “bias towards action”. “We’re coming in on Monday with a new brand, a new company, a new office, everything is new,” says Isherwood, “and we’ve got to go and question everything that has been done in the past, every single process, and every single customer engagement.”

The customer play

For customers, he says, HPE wants to maintain the strength that the old HP has been known for, and combine that with the agility, speed and presence of a startup business. The strength comes from its existing market share in IT infrastructure and its broad portfolio and services capabilities, says Isherwood. “Who else has what we have in terms of the best-in-class infrastructure from storage to networking, to hyper-converged, through to the transformational services that let people move their infrastructures today and build for the new world? IBM doesn’t. It’s sold most of its infrastructure assets. Dell? Well, they’re going to be a little bit confused over the next couple of years. So who’s out there who does what we do with the values we have? “I think customers appreciate the value we have as an HP company but hopefully will see this focus, innovation and agility come through in how we turn up in the market. It’s building on what we do, not throwing out the past,” says Isherwood. HPE will now focus on four main areas as it takes its enterprise customers on a journey towards a new style of business using a new style of IT.
Firstly, explains Isherwood, it will spearhead the transition to a hybrid infrastructure. Conscious that many enterprises have a lot of technology under the bonnet that is creaking and cannot support them as they try to become more agile themselves and compete with the Airbnbs and Ubers of this world, HPE says the new infrastructure needs to be hybrid and open to let people move and place workloads where it is most effective to do so. Secondly, it will “empower a data driven organisation”, whether that is machine data, application data or unstructured data, to extract meaning from it and capture the essence of what customers want to do with the insight it can provide. Thirdly, on security, it will push its software, managed services and consulting with renewed vigour to assuage the worries of customers subjected to a constant barrage of news stories about security breaches. Finally, it will focus on enabling workplace productivity, to create best-in-class experiences for employees with more meaningful mobile solutions.

What to expect?

Much of what the average enterprise CIO can expect to see is predicated on these four areas of focus, but Isherwood picks out the transformation towards the hybrid world as key to the experience of being an HPE customer in the years to come. “For me it’s doing two things. Customers have legacy infrastructure and have to transform it to lower costs very quickly so they can compete with new players,” he says. “Additionally it’s making sure they’ve got an infrastructure in place, whether on- or off-premise, that allows them to spin up ideas very quickly. “If you haven’t got the infrastructure in place to do that you’re not going to be as competitive or quick as those people coming into the market without legacy IT who will typically spin up in a public cloud.
“Our infrastructure will allow people to do that in the best way, whether it’s converged infrastructure, flash storage or mobile – people will see those disruptive technologies that we’ve invested in over the past couple of years really start to come into play significantly, and then obviously they’ll continue to see us lead in the service space,” says Isherwood.

Return to R&D

All this will be backed with increasing investment in HPE’s R&D capabilities, notably in its Bristol laboratories, where its teams are working on The Machine, its memory-driven supercomputer architecture, first announced at HP Discover in 2014, which the firm claims will force a complete redefinition of what compute looks like in the next five years. On top of this investment – amounting to 10% of HPE revenues – there will be more money for new recruits. Isherwood already plans to take on 350 to 400 graduate staff this year, as well as 150 students on placements and around 100 apprentices. This, he says, is a way of trying to change how new ideas and innovation enter the organisation. HPE will also shortly be moving its central London office to a new location that will also host its first customer demonstration centre in Europe, through which it hopes to help better articulate its plans and solutions. “Customers often say to me that they are amazed at how quiet we are about what we do and what we’ve got. This is about how we take what we do to them, and engage with them in creating plans and strategy,” says Isherwood. “We’ve not been brilliant at that in the past, so it’s quite exciting that we can now have that sort of facility in Europe.”

VU#350508: HP ArcSight SmartConnector fails to properly validate SSL and contains...

The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password.

HP Sells TippingPoint Security Division to Trend Micro for $300M

As HP's split nears, the company is divesting its TippingPoint network security business unit, which isn't considered to be core to HP Enterprise's mission. Just ahead of HP's historic corporate split, the company announced today that it is selling TippingPoint to Trend Micro in a deal valued at approximately $300 million. Trend Micro's acquisition of TippingPoint, expected to close in the first quarter of HP's fiscal 2016, will mark the third time in just over a decade that the network security vendor has had a new owner. Networking vendor 3Com acquired TippingPoint in December 2004, and HP bought 3Com in 2010. Trend Micro's plan is to combine some of its existing assets with the TippingPoint technologies to build a new Network Defense business unit. As was the case under both 3Com and HP, the TippingPoint name is likely to remain in place. "Trend Micro intends to retain the TippingPoint brand for its Network Defense line of business," Steve Quane, executive vice president, Network Defense, Trend Micro, told eWEEK. TippingPoint builds and develops network security devices, including intrusion-prevention systems (IPS) hardware. TippingPoint is also known for its research efforts, which include Digital Vaccine Labs (DVLabs) and the Zero-Day Initiative. ZDI is celebrating its 10th anniversary this year as an effort that pays security researchers for vulnerabilities. ZDI also operates the Pwn2own hacking competition, which awards researchers for exploiting Web browsers and mobile devices. Under Trend Micro's ownership, DVLabs and ZDI will play key roles, Quane said. "DVLabs and ZDI will continue to operate within our Network Defense line of business, and we will expand and leverage their expertise across the full range of Trend Micro solutions," Quane said. HP—which is currently in the final stages of a corporate split, with HP Inc.
handling consumer products and printing areas, and HP Enterprise handling the enterprise software and technology assets—isn't totally abandoning the security business. Among HP Enterprise's security assets are the ArcSight SIEM (security information and event management), Fortify code and application security portfolio as well as the HP Data Security product groups. "With the upcoming transition to the new Hewlett Packard Enterprise, we are sharpening our focus on protecting the digital enterprise, investing in offerings that help customers protect users, applications and data and secure the interactions between them regardless of location or device," HP stated in a blog post. "TippingPoint has been an important component of our security offering, but we have decided to partner in network security as opposed to [owning a business in this space] so we can invest in other areas of our security portfolio." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

VU#840844: HP Photosmart B210 printer SMB server buffer overflow vulnerability

The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted.

VU#966927: HP Client Automation and Radia Client Automation is vulnerable to...

Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution.

VU#842252: HP ArcSight Logger contains multiple vulnerabilities

HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios.