Positive Research is one of the largest information security research centers in Europe. More than 250 world-class experts in protection of SCADA, ERP, web apps, and bank and telecom systems perform research, pentests, and threat/vulnerability analysis.
Where there’s a JTAG, there’s a way: obtaining full system access via USB

Everyone makes mistakes. These words are certainly true for developers involved in low-level coding, where such common tools as print debugging and software debuggers run into limits. To solve this problem, software and firmware developers at the beginning of the x86 age used in-circuit emulators. Now they use the JTAG debugging interface. These hardware debugging facilities are also of interest to security researchers: they grant low-level system access and bypass important security protections, making it easier for researchers to study a platform's behavior and undocumented features. With Intel Skylake processors, debugging mechanisms were built into the Platform Controller Hub, which opened them up to ordinary users, including malicious ones, who could use them to gain total control over the processor. For security reasons, these mechanisms are not activated by default, but as we show in this research, they can be activated on equipment sold in common computer stores.

Next-generation networks, next-level cybersecurity problems

In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 1970s (SS7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft, and DoS. This research piece outlines, using examples, how next-generation networks can be abused by an attacker and the steps that can be taken to protect against this.

Web Application Attack Statistics: Q2 2017

This report provides statistics on attacks performed against web applications during the second quarter of 2017. It describes the most common types of attacks as well as the objectives, intensity, and time distribution of attacks. It also contains industry-by-industry statistics. With this up-to-date picture of attacks, companies and organizations can monitor trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection.

Disabling Intel ME 11 via undocumented mode

Our team of researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this analytical article, the experts describe how they discovered this undocumented mode and how it is connected with the U.S. government's High Assurance Platform (HAP) program.

Cybersecurity Threatscape: Q2 2017

While the security community was following the latest developments involving WannaCry and NotPetya cryptoware, attackers were not sitting idle. In this quarter’s report, we share information on the most important and emerging IT security threats. Information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources.

Positive Research 2017

This year was an eventful one as digital attackers chased new targets in new ways. Along with pentesting and vulnerability audits, Positive Technologies took part in investigations of numerous incidents, including attacks on major banks. We assembled a high-level picture of attacks based on data from our security operations center, pilot projects, and deployments at client companies. As in previous years, we are happy to share the most interesting results in our annual Positive Research journal.

Security trends & vulnerabilities review: web applications (2017)

Every year, web applications expand their presence in more and more areas. Almost every business has its own web applications for clients and for internal business processes. However, application functionality is often prioritized at the expense of security, which negatively affects the security level of the entire business. As a result, web application vulnerabilities provide massive opportunities for malicious actors. By taking advantage of mistakes in application architecture and administration, attackers can obtain sensitive information, interfere with web application functioning, perform DoS attacks, attack application users, penetrate a corporate LAN, and gain access to critical assets.

Security trends & vulnerabilities review: corporate information systems

Information systems at large corporations are like living organisms: they "breathe in" new hosts and systems, grow to accommodate network topology changes, and adapt to new equipment configurations. Ensuring the uninterrupted security of information systems is difficult, with infrastructure scattered across countries and continents, labyrinthine architectures, and a large number of dependencies within and between subsystems. Here we provide an overview of the most common vulnerabilities detected during security audits by Positive Technologies in 2016. In an audit, our experts simulate how actual attackers (external and internal) would try to penetrate corporate systems. This method identifies a large number of protection flaws, including ones impossible to detect in any other way. The research reveals the overall protection level of tested systems and the main tendencies, and includes recommendations for improving corporate information system security.

Cobalt strikes back: an evolving multinational threat to finance

Bank robbery is perhaps the quintessential crime. The promise of immense, instant riches has lured many a criminal to target banks. And while the methods, tools, and scale of robbery have all changed, two things have stayed the same: the enticement of a hefty payday and the fact that no system is perfectly secure. In the modern digital economy, criminals are becoming ever more creative in ways to make off with millions without having to leave home. Despite enormous efforts, security is always a work in progress because of technical vulnerabilities and the human factor. Only a small fraction of banks today are able to withstand targeted attacks of the kind perpetrated by Cobalt, a cybercriminal group first described in 2016 that is currently active worldwide. In this report, we will describe the new techniques used by Cobalt in 2017, the changing target profile, and recommendations on how to avoid becoming their latest victim.

Attacks against ATMs using GreenDispenser: organization and techniques

Researchers at Positive Technologies have demonstrated how easily hackers can compromise ATMs. Having gained access to the front of the machine, a criminal can access USB ports within the device to perform various attacks. These include forcing the machine to dispense cash, installing malware to skim card details, and even injecting malware back through the network to infect further ATMs. In a report published today, the team also reveals how easily hackers can perform logic attacks against banks, including the recent spate of GreenDispenser malware. There are currently 70,000 ATMs in circulation within the UK, and reports confirm that malware is the number one threat they face. Positive Technologies predicts that 2017 will see a 30 percent growth in overall cyberattacks against banks, including at the ATM level.
