Chrome Zero Day – Just Before the Weekend (again)

As we head into the weekend, Google has released an emergency security update for the Chrome desktop web browser to address a high-severity vulnerability known to be exploited in the wild. This is the seventh Chrome zero-day fixed this year by Google. This security bug CVE-2022-3723; QID 377721 i...

Third-party application patching: Everything you need to know for your business

Patch management that is consistent and efficient has never been more critical in keeping your security infrastructure up to date and secure. Although todays endpoint management solutions include patch management functionalities, third-party patching is an area that shouldnt be forgotten. In this...

Software Patch Management Policy Best Practices

Explore the top risk-based patch management policy best practices to mitigate the growing threat of vulnerability exploits in your organization...

Qualys Threat Research Thursday

Welcome to the second edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our first edition, Introducing Qualys Threat Research...

A week in security (September 12 – 18)

Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...

6 patch management best practices for businesses

Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. Needless to say, businesses are looking to streamline their patch management...

Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications

Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability CVE-2022-3075 is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was...

Vulnerability response for SMBs: The Malwarebytes approach

The intel you need to secure your business--delivered straight to your inbox From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full with the best of our business blog. Subscribe to our Business newsletter today. At...

Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications

Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability CVE-2022-3075 is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was...

A week in security (August 22 - August 28)

Last week on Malwarebytes Labs: Cryptojackers growing in numbers and sophistication CISA wants you to patch these actively exploited vulnerabilities before September 8 Reddit users crowdsourcing explicit images and identities Criminals socially engineer their way to bank details with fake arrest...

Introducing Patch Management for OneView

We're thrilled to announce our Patch Management module for OneView, which is paired alongside our Vulnerability Assessment module to help you uncover vulnerabilities, respond to threats, and keep your customers productive and safe. Vulnerability identification and system patching are critical to...

6 reasons MSPs need a patch management platform

Weve all heard the stories: Organizations getting breached like there's no tomorrow thanks to threat actors exploiting unpatched vulnerabilities. Likewise, weve also all heard the familiar refrain: Patch regularly! But for many businesses--including the Managed Service Providers MSPs that serve...

Top Five Patch Management & Process Best Practices

Explore the top patch management best practices to mitigate the growing threat of vulnerability exploits in your organization...

Efficient Infrastructure Testing

Before we start lets set the scene regarding vulnerability assessment. It is imperative that enterprises conduct their own continuous automated scanning, to have up-to-date assessments of threats that their networks may be susceptible to. Infrastructure penetration testing discussed in this blog...

The winding road to compliance

“Here are the keys. Buy milk and bread. Drive safely.” These are important instructions for a new driver tasked with running an errand. But unless the driver knows where they are going, a bit of guidance on how to get to the store can only help. Without it, the driver may complete the errand...

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

The Cybersecurity and Infrastructure Security Agency CISA and Coast Guard Cyber Command CGCYBER released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway UAG servers. The VMware Horizon is a...

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CISA and the United States Coast Guard Cyber Command CGCYBER have released a joint Cybersecurity Advisory CSA to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat APT actors, have continued to exploit CVE-2021-44228 Log4Shell in VMware Horizon®...

Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0

According to the recently released Verizon DBIR report, vulnerability exploitation continued to be one of the top three attack vectors exploited by bad actors in 2021 to break into organizations. As of this writing, it’s only June, but more than 10,000 vulnerabilities have already been disclosed ...

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China PRC state-sponsored...

The Hidden Harm of Silent Patches

Hey all. I'm about to head off to RSAC 2022, but I wanted to jot down some thoughts I've had lately on a particularly squirrelly issue that comes up occasionally in coordinated vulnerability disclosure CVD — the issue of silent patches, and how they tend to help focused attackers and harm IT...