Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner

The significance of cybersecurity in today’s world cannot be understated. Businesses are constantly exposed to evolving threats that challenge their infrastructure. Organizations deploy various security solutions to combat these risks, including agents installed on their servers, endpoints, and...

KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023

KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains a...

PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

--- Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet TTE that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of...

Your OT Is No Longer Isolated: Act Fast to Protect It

Not too long ago, there was a clear separation between the operational technology OT that drives the physical functions of a company – on the factory floor, for example – and the information technology IT that manages a company's data to enable management and planning. As IT assets became...

EDR vs MDR vs XDR – What’s the Difference?

Cyberattacks are rapidly evolving, leaving businesses and their IT security teams to handle immense workloads. Keeping up with todays cyberthreats not only involves staying up to date in an ever-changing threat landscape, it also involves managing complex security infrastructure and technologies...

Criminals are applying for remote work using deepfake and stolen identities, says FBI

The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfake and stolen PII personally identifiable information. A deepfake is essentially created or modified media image, video, or audio, often with the help of artificial intelligence AI and machine...

Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Security Infrastructure appliances (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in multiple IBM Infrastructure appliances. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtai...

Top Black Hat USA Sessions for Qualys Customers

Black Hat USA is known for cutting-edge security research, and this year’s conference is no different. If you’re a Qualys customer, here are some Black Hat sessions we think youll find relevant. Next-Gen DFIR: Mass Exploits & Supplier Compromise An investigation of real “next-gen” digital forensi...

Mind the Gap: Securely Embracing the Digital Explosion

State and local governments are weathering a digital explosion. The move to "virtual everything" means that greater amounts of information are being produced and transmitted electronically, but the digital infrastructure powering these operations is straining under the weight. This shift is...

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ formerly CBS All Access streaming platform. Delivering digital content to millions of users on a daily basis doesn’t happen on its own—it makes it to...

Top MSPs challenges in 2021

If one searches for ‘the top MSP challenges’ between 2017 and 2020, there are mainly five things that are more likely to emerge from the search results: adopting cloud-based solutions, sales margins, satisfying complex client’s needs, employee turnover, and the scalability of the IT security...

Calculating the Benefits of the Advanced Encryption Standard

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey...

Partner Perspectives: Blending Analytics with Endpoint Detection and Response Better Defends the Modern Worker

Ryan Stolte is the co-founder and CTO for Bay Dynamics. There are clearly many reasons why Endpoint Detection and Response EDR has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and...

Partner Perspectives: Put Access Control in Context with ClearPass and Carbon Black

Paul Kaspian is a Senior Product & Solutions Marketing Manager for Aruba, a Hewlett Packard Enterprise company. Strengthen your security defenses by considering endpoint context in access control decisions. As enterprise security continues to evolve, organizations are constantly deploying new...

Stronger Security with Global IT Asset Inventory

On a Friday afternoon before a long holiday weekend, a company’s security operations center receives a potentially serious alert: It appears that a domain controller has been tampered with. After examining event logs and overlaying network traffic, a SOC analyst confirms that a suspicious system...

Privacy Questions Raised as Tech Giants Join Forces on Data Portability

A veritable who’s who of tech giants from Google, Facebook, Microsoft and Twitter, went public last week with a partnership on a standards initiative called the Data Transfer Project DTP, built to enable data portability between cloud platforms. But security researchers believe the project’s...

UBUNTU-CVE-2017-16816

The condorschedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service daemon crash by leveraging use of GSI and VOMS extensions...

DEBIAN-CVE-2017-16816

The condorschedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service daemon crash by leveraging use of GSI and VOMS extensions...

Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...

Layered Security Without the Layered Complexity

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers CISOs, Chief Information Officers CIOs, and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security...