5 Exposure Management Best Practices for Your Team

Let's be honest: the traditional approach to vulnerability management is broken. Your team is likely drowning in a sea of alerts, staring at scan reports thousands of lines long, and struggling to figure out what to fix first. This constant state of reactive fire-fighting is exhausting and, worse...

Attack Surface Exposures: A Practical Guide

Many security teams believe their existing tools have them fully covered. With a firewall, endpoint protection, and a vulnerability scanner, it’s easy to assume you can see everything that matters. This is one of the most dangerous myths in cybersecurity today. These tools often operate in silos,...

Risk Fact #2: Weaponized Vulnerabilities Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

Qualys Performance Tuning Series – Remove Stale Assets for Best Performance

As organizations transition to the cloud, their cloud environments and assets rapidly grow. Many of the assets within the cloud are ephemeral in nature, they exist for a few minutes, hours or days and then are terminated. These transitory assets pose a unique challenge from an asset and...

Zepl Notebook Sandbox Escape Vulnerability

Exploit Title: Zepl Notebook - Sandbox Escape Vendor Homepage: https://zepl.com/ Software Link: https://app.zepl.com/ Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date of this submission Exploit...

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Summary The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, National Security Agency NSA, Australian Cyber Security Centre ACSC, Canadian Centre for Cyber Security CCCS, the Computer Emergency Response Team New Zealand CERT NZ, the New Zealand...

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate also referred to as Sunburst by FireEye involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact assessment...

Attackers use legitimate tool to compromise Cloud based assets

By Sudais Asif While the Cloud offers an excellent chance for firms to host their web services online, it comes with its fair share of disadvantages as well. This is a post from HackRead.com Read the original post: Attackers use legitimate tool to compromise Cloud based assets...

M-Trends 2020: Insights From the Front Lines

Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years—and more. One of the most exciting takeaways...

Qualys Cloud Platform 2.36 New Features

This release of the Qualys Cloud Platform version 2.36 includes updates and new features for AssetView Cloud Assets and Cloud Agents and Web Application Scanning, highlights as follows. AssetView Rules for Cloud Assets and Cloud Agents Rule-Based Method to Purge/Uninstall Cloud Assets and Cloud...

Gain Visibility and Continuous Security Across All Your Public Clouds

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...

Continuous Monitoring in the Cloud

I recently spoke at the Cloud Security Alliances Federal Summit on the topic "Continuous Monitoring / Continuous Diagnostics and Mitigation CDM Concepts in the Cloud." As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous...