Microsoft Security Update Validation Report September 2021
Microsoft’s September 2021 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing...
Optimize Vulnerability Remediation with Proactive Zero-Touch Patch
Vulnerability remediation is a complex task, and most organizations struggle to identify, prioritize and remediate vulnerabilities efficiently. With the rise in vulnerability discovery, there is a correlating increase in ransomware attacks initiated through unpatched vulnerabilities. This has led...
Attackers Actively Exploiting Realtek SDK Flaws
Threat actors are zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software development kits (SDKs) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector...
Top Routinely Exploited Vulnerabilities
Summary: This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory provides...
Security Updates for Microsoft Office Products (August 2021) (deprecated)
This plugin has been deprecated as all click-to-run checks have been moved to separate plugins. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2022/06/09. Deprecated by smbntms21augofficec2r.nasl. The descriptive text and package checks in this plugin were extracted from the Microsoft...
CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards. But at least we have th...
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors contin...
Fix of CVE: CVE-2021-23240
sudo-1.8.6p3-CVE-2021-23240-2.patch: fixed issue with credentials management in sudoedit - sudo-1.8.6p3-CVE-2021-23240-3.patch: fixed issue with origin file removal in sesh...
3 Steps to Strengthen Your Ransomware Defenses
The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the...
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical
Microsoft Patch Tuesday – May 2021: Microsoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited. Qualys released 12 QIDs on the sa...
What is Vulnerability Assessment and How to Prevent Them❓
A vulnerability assessment is an essential starting step to surveying your association’s receptiveness to security challenges, including physical and computerized security. It can likewise be portrayed as a lot of specific tests planned to recognize deficiencies in your network and its key...
Internet Explorer help
None None...
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...
Security update for openexr (important)
openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:0670-1 Rating: important References: 1184353 1184354 1184355 1185216 1185217 Cross-References: CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3477 CVE-2021-3479 CVSS scores: CVE-2021-20296 NVD : 5.3...
Manage Linux Patching with Qualys VMDR
As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, IT teams have been looking for a single, efficient...
Introducing “This Month in Patches” Webinar Series
It’s no secret that the number of vulnerabilities is on the rise, and so too are the attempts by hackers to exploit them as quickly as they can. Over the last few years, the average time from vulnerability disclosure to exploit is down to a mere seven days. Organizations therefore need to move...
Unified Dashboard Preview for Enhanced Security Visualization
Qualys has introduced the Unified Dashboard Framework (UDF) to enrich your dashboarding experience. Unified Dashboard (UD) brings information from all Qualys applications into a single place for visualization. UD adds a powerful new dashboarding framework to the Qualys Cloud Platform that will be...
On Vulnerability-Adjacent Vulnerabilities
At the virtual Enigma Conference, Google's Project Zero's Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From an MIT Technology Review article: Soon after they...
Expand Your Vulnerability & Patch Management Program to Mobile Devices with Qualys VMDR
As mobile devices have become ubiquitous in almost every business process, whether in bank branches, manufacturing sites or retail stores, they are now hosting business applications and data that is subject to regulatory compliance and security. With access to critical corporate resources inside...