10 matches found
Okta Advanced Server Access Client Command Injection Vulnerability
Okta Advanced Server Access Client is a zero-trust identity and access management product for cloud and local infrastructures from Okta USA. A security vulnerability exists in Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 that stems from the presence of a command injection vulnerabili...
Cloud-Native Application Protection (CNAPP): What's Behind the Hype?
There's no shortage of acronyms when it comes to security product categories. DAST, EDR, CWPP — it sometimes feels like we're awash in a sea of letters, and that can be a little dizzying. Every once in a while, though, a new term pops up that cuts through the noise, thanks to a combination of...
Hashicorp Terraform Enterprise Log Information Disclosure Vulnerability
Hashicorp Terraform, an open source tool for pre-provisioning and managing cloud infrastructures from HashiCorp USA, has a log information disclosure vulnerability that stems from HashiCorp Terraform Enterprise inserting sensitive information into log files. An attacker could exploit this...
NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
CISA has announced the joint National Security Agency NSA and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known ...
NSA-CISA Series on Securing 5G Cloud Infrastructures
The National Security Agency NSA and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts ...
Rocke Group’s Malware Now Has Worm Capabilities
Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks. The malware is called Pro-Ocean, which was first discovered in 2019, and has now been beefed-up with “worm” capabilities and rootkit...
Secure Cloud Infrastructures with Application Security
Watch this video to see how applications can be simplified with serverless technologies and how security and monitoring controls can be seamlessly maintained in these constrained environments...
Video Training Update, July 2019
The Qualys Training team released a major update to the Vulnerability Management Certified Training Course. We’ve also built out two new video libraries showing how to assess business process risk and how to secure cloud infrastructures in DevSecOps environments using AWS Golden AMI pipelines. An...
Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black
As the threat landscape continues to expand, having end-to-end visibility across your modern application stack and cloud infrastructures is crucial. Customers cannot afford to have blind spots in their environment; and that includes data being ingested from third-party tools. With the industry...
RSA: Chaos In the Security World, And the Situation Is Perfect
Right on cue this week, the anarchic hacking collective Anonymous stepped up and grabbed the story line away from the lions of the IT security industry. With the annual RSA Conference set to begin, the whistle blowing site Wikileaks released the first of some five million e-mail messages stolen...