Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2023/01/18 12:43 a.m.126 views

The January 2023 Oracle Critical Patch Update

This Oracle Critical Patch Update contains a group of patches for multiple security vulnerabilities that address 327 new security patches. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and in third-party components...

10CVSS1.2AI score0.99931EPSS
Exploits142
Qualys Blog
Qualys Blog
added 2023/01/16 11:46 a.m.438 views

Detection of Vulnerabilities in JavaScript Libraries

JavaScript is a popular programming language which is an integral component while developing interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handling complex web page elements, enhancing the overall functionality of the application...

5CVSS8.6AI score0.05664EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2023/01/10 9:9 p.m.78 views

The January 2023 Patch Tuesday Security Update Review

As we enter the first second Tuesday of the year, it is noteworthy that both Microsoft and Adobe have released their latest security updates and fixes. We invite you to join us as we review and discuss the particulars of these essential security patches. Microsoft Patches for January 2023 Microso...

1.1AI score0.41538EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2023/01/10 4:39 p.m.10 views

Driving CISA Compliance with Qualys

How CyberSecurity Asset Management with External Attack Surface Management Improves Compliance for the Protection of National Infrastructure Since 2018, the Cybersecurity and Infrastructure Security Agency CISA of the U.S. government has focused on reducing risk and building resilience to cyber a...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/01/03 11:44 a.m.24 views

Implement Risk-Based Vulnerability Management with Qualys TruRisk™: Part 3

In this final blog of the series, we will discuss the importance of implementing effective risk-based remediation strategies to reduce the risk of vulnerabilities being exploited in your environment. In the earlier blogs, we covered how to operationalize Qualys TruRisk and to effectively visualiz...

1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/01/03 9:9 a.m.25 views

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

0.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/12/29 7:5 p.m.198 views

Qualys Threat Research Unit: Threat Thursdays, December 2022

Welcome to the fourth edition of the Qualys Threat Research Unit’s TRU “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. This also happens to be the last edition for the year...

7.5CVSS0.5AI score0.96284EPSS
Exploits6
Qualys Blog
Qualys Blog
added 2022/12/16 2:34 p.m.84 views

Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 2

This blog is a continuation of our first blog on implementing risk-based vulnerability management with Qualys TruRiskTM. In the first blog, we covered how to correctly tag and categorize assets for accurate risk assessment. Now that you have properly tagged your assets, Qualys TruRiskTM will...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/12/13 11:17 p.m.75 views

The December 2022 Patch Tuesday Security Update Review

Welcome to the final second Tuesday of the year. As expected, Microsoft and Adobe have released their latest security updates and fixes. Take a break from your holiday preparations and join us as we review the details of the latest security patches. Microsoft Patches for December 2022 In this...

0.82081EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2022/12/13 7:21 a.m.18 views

Dissecting the Empire C2 Framework

Introduction In this blog we will be taking a quick dive into Empire, a popular open-source post-exploitation framework. Empire provides an adversary with the capability to expand his foothold in a victim’s environment by leveraging hundreds of modules, RATs in multiple languages and stealthy C2...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/12/12 7:29 p.m.38 views

Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 1

For today’s CISOs, managing cyber risk is Job 1 priority, and it’s a full-time concern. Security practitioners are spending a considerable amount of time responding to cybersecurity threats and finding ways to reduce risk from threats that are unknown. Earlier this year Qualys introduced Qualys...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/12/03 5:24 a.m.82 views

The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend

Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug CVE-2022-4262; QID 377804 is a Type Confusion vulnerabili...

6.8CVSS0.70461EPSS
Exploits8
Qualys Blog
Qualys Blog
added 2022/12/01 11:11 p.m.111 views

Identify Server-Side Attacks Using Qualys Periscope

Qualys previously announced the introduction of Qualys Periscope in 2020. This technology allows Qualys Web Application Scanning WAS to detect out-of-band vulnerabilities such as server-side request forgery SSRF. Qualys Periscope provides confirmed detections for additional vulnerabilities, such ...

9.3CVSS0.3AI score0.99999EPSS
Exploits555
Qualys Blog
Qualys Blog
added 2022/12/01 7:25 a.m.19 views

Effective Vulnerability Management with Stakeholder Specific Vulnerability Categorization (SSVC) and Qualys TruRisk

Security stakeholders across the globe have long relied on the Common Vulnerability Scoring System CVSS to prioritize vulnerabilities and assess their risk posture. The reason why the CVSS has become the standard for many security and vulnerability management teams alike is that this method is ea...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/30 11:29 p.m.50 views

Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328)

The Qualys Threat Research Unit TRU has discovered a new vulnerability in snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu. Qualys recommends that security teams apply the patch for this vulnerability as soon as possible. In February 2022, Qualy...

6.9CVSS8.2AI score0.00966EPSS
Exploits7
Qualys Blog
Qualys Blog
added 2022/11/30 8:11 p.m.19 views

Qualys Broadens Security Offerings for Oracle Cloud Infrastructure

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...

Exploits0
Qualys Blog
Qualys Blog
added 2022/11/29 6:26 p.m.51 views

Don’t Spend Your Holiday Season Patching Chrome

As we come back from our Thanksgiving holidays, Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that exists in the wild. This is the eighth Chrome zero-day fixed this year by Google. This security bug CVE-2022-4135; QID...

0.5AI score0.31864EPSS
Exploits2
Qualys Blog
Qualys Blog
added 2022/11/22 10:0 a.m.19 views

Ease Your Cybersecurity Maturity Model Certification Journey With Qualys

The Cybersecurity Maturity Model Certification CMMC is a cybersecurity training, certification, and assessment program from the United States Department of Defense DoD. CMMC is designed to provide increased assurance to the DoD that a contractor can adequately protect controlled unclassified...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/15 1:48 a.m.16 views

QSC 2022: That’s a Wrap!

Over the years, the threat landscape has exploded, and bad actors have become increasingly sophisticated, making the demand for cloud security platforms - that save security teams time and increase efficiency - a must-have for every cyber arsenal. This was underscored last week at QSC 2022 Las...

7.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/14 10:1 p.m.20 views

QSC 2022: Listening to the Voice of the Customer

It would be redundant to state that today’s threat landscape is growing increasingly sophisticated and erratic. With all types of attacks becoming “commonplace,” the baseline for normal is abnormal. Bad actors are taking advantage of whatever attack vector they can whether that is a phishing...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/11 1:28 a.m.82 views

QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

Day two of QSC profiled the special launch of the Qualys Threat Research Unit, TRU. Taking the audience through a madcap tour of what the threat research unit is doing to provide intelligence and actionable insights into its census was Travis Smith, VP of Qualys Threat Research Unit. He dove deep...

7.2CVSS8.9AI score0.94921EPSS
Exploits151
Qualys Blog
Qualys Blog
added 2022/11/10 7:16 p.m.23 views

QSC 2022 Day 1 Recap: Qualys Gives Organizations More Security in an Ever-Expanding Threat Landscape

The first day of Qualys’ annual security conference in Vegas was filled with a series of presentations by Qualys executives, product managers and customers’ stories about how they used the various security products. The keynotes given by Shark Tank celebrity businessman and CEO of Cyderes, Robert...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/09 11:36 p.m.16 views

QSC 2022 Kickoff: Quantifying and Qualifying Digital Cyber Risks

Qualys’ annual security conference returned to a live-only event this week at the Venetian Hotel in Las Vegas, and the keynote addresses started things off on a very practical note… about selling coconuts, toasters, and carbon monoxide detectors. The first two keynotes featured speeches from both...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/08 9:0 p.m.88 views

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities aka flaws in the November 2022 update, including ten 10 vulnerabilities classified as Critical as they allow Denial of Service DoS, Elevation of Privilege EoP, and Remote Code Execution RCE. This months Patch Tuesday...

0.2AI score0.99964EPSS
Exploits68
Qualys Blog
Qualys Blog
added 2022/11/08 5:12 p.m.39 views

Get Your Patch Tuesday Vulnerabilities Patched on Tuesday

Every IT person is familiar with Patch Tuesdays. It’s the time of the month where IT needs to put their daily work aside and prepare for patching their entire IT environment. However, for many organizations Patch Tuesday is not a single event that occurs as an isolated point in time. It typically...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/11/03 5:0 p.m.74 views

OpenSSL Vulnerability Recap

Last week a CRITICAL vulnerability in OpenSSL was pre-announced to give organizations a head start in coming up with a playbook for how to address the highest severity OpenSSL vulnerability since Heartbleed in 2014. A lot of effort was put in by vendors and organizations alike to come up with a...

8.4AI score0.91153EPSS
Exploits7
Qualys Blog
Qualys Blog
added 2022/11/01 1:27 p.m.287 views

Why Is Snapshot Scanning Not Enough?

As new scanning technologies are released, their supposed superiority is touted over the others. The problem is, however, that there is no best scanning technology, all of them have strengths and limitations. If recent claims from several vendors are believed, a “best” scanning method called...

10CVSS10AI score0.99999EPSS
Exploits479
Qualys Blog
Qualys Blog
added 2022/11/01 12:55 p.m.21 views

Introducing TotalCloud – Cloud Security Simplified

The shift of business applications and on-premises infrastructure to the cloud has resulted in cloud security teams needing to manage the cyber security risks across the workloads, cloud services, resources, users, and applications. Today, security teams must deal with a set of siloed...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/31 2:15 p.m.89 views

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

On Tuesday, November 1, 2022, the OpenSSL project released a new version of OpenSSL with version 3.0.7. This update patches two buffer overflow vulnerabilities which can be triggered in X.509 certificate verification. These vulnerabilities only apply to OpenSSL 3.x. Both these vulnerabilities are...

8.6AI score0.91153EPSS
Exploits6
Qualys Blog
Qualys Blog
added 2022/10/28 10:7 p.m.56 views

Don’t spend another weekend patching Chrome

As we head into the weekend, Google has released an emergency security update for the Chrome desktop web browser to address a high-severity vulnerability known to be exploited in the wild. This is the seventh Chrome zero-day fixed this year by Google. This security bug CVE-2022-3723; QID 377721 i...

9.2AI score0.0675EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2022/10/28 7:40 p.m.63 views

Chrome Zero Day – Just Before the Weekend (again)

As we head into the weekend, Google has released an emergency security update for the Chrome desktop web browser to address a high-severity vulnerability known to be exploited in the wild. This is the seventh Chrome zero-day fixed this year by Google. This security bug CVE-2022-3723; QID 377721 i...

9AI score0.0675EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2022/10/28 12:58 a.m.76 views

Qualys Research Team: Threat Thursdays, October 2022

Welcome to the third edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our second edition, Qualys Threat Research Thursday, is mor...

0.99984EPSS
Exploits53
Qualys Blog
Qualys Blog
added 2022/10/27 5:59 p.m.171 views

Text4Shell: Detect, Prioritize and Remediate The Risk Across On-premise, Cloud, Container Environment Using Qualys Platform

On 2022-10-13, Apache Security Team disclosed a critical vulnerability with CVE-2022-42889 affecting the popular Apache Commons Text library. This vulnerability is popularly named “Text4Shell” which when exploited can allow an unauthenticated attacker to execute arbitrary code on the vulnerable...

0.1AI score0.99931EPSS
Exploits41
Qualys Blog
Qualys Blog
added 2022/10/26 3:0 p.m.20 views

Join Us November 7-10 for Qualys Security Conference 2022 Las Vegas!

Get ready for our annual event for cybersecurity professionals: Qualys Security Conference 2022 Las Vegas! This years theme is Get More Security which emphasizes simplifying security to drive better outcomes. At the event, you will experience two days of training followed by two days of keynotes,...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/26 4:8 a.m.43 views

Fingerprinting Web Applications and APIs using Qualys Web Application Scanning

Decoding the impact of Fingerprinting Organizations develop an effective, actionable go-to-market plan to launch a profitable product into the target market. A go-to-market strategy predicts market demand by analyzing market research, competitor data, and previous examples. Without a solid...

6.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/26 1:57 a.m.51 views

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for these vulnerabilities as soon as possible. The Qualys Research Team combined these two vulnerabiliti...

0.2AI score0.00658EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2022/10/25 9:55 p.m.263 views

CVE-2022-42889: Detect Text4Shell via Qualys Container Security

A new critical vulnerability CVE-2022-42889 Text4Shell in Apache Commons Text library was reported by Alvaro Muñoz. The vulnerability, when exploited could result in remote code execution RCE applied to untrusted input due to insecure interpolation defaults. As a result, this CVE is rated at CVSS...

1.6AI score0.99931EPSS
Exploits41
Qualys Blog
Qualys Blog
added 2022/10/17 7:36 p.m.16 views

CISA BOD 23-01: Meeting and Exceeding CISA Requirements with Qualys

The latest Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency CISA BOD 23-01 requires agencies to implement an essential cybersecurity practice within the next 6 months. While this new mandate impacts agencies directly, it also impacts their supply chain...

Exploits0
Qualys Blog
Qualys Blog
added 2022/10/13 12:2 p.m.21 views

Not Your Average FIM: Why Customers Choose Qualys FIM

Choosing the right FIM solution is a crucial step for an organization. One should not need professional services just to onboard or manage. Traditional FIM solutions with legacy architecture are either too noisy or too hard to use. The market demands an intelligent FIM solution that is easy to...

0.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/12 4:31 p.m.19 views

Creating Awareness of External JavaScript Libraries in Web Applications

Qualys Web Application Scanning WAS routinely reviews and solicits customer feedback regarding vulnerabilities. This may be to enhance the detection or the detections reporting. Previously, all JavaScript libraries detected on an application are reported under the Information Gathering QID 150176...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/12 3:47 p.m.33 views

Award-winning Qualys Vulnerability and Compliance Solution now available on IBM zSystems & LinuxONE

Todays modern IBM mainframe is central to hybrid cloud environments, valued by two-thirds of the Fortune 100 as a highly secured platform for running mission-critical workloads. Not surprisingly, according to a recent IBM commissioned study by Celent, it is estimated that 70% of global bank cards...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/11 9:45 p.m.25 views

JSON Web Token (JWT) Weaknesses

JSON Web Tokens, or JWTs, are an encoded set of claims commonly seen in REST APIs and Single page web applications SPAs. These encoded claims are used to provide identification of the requester and other information related to accessing. It is a stateless mechanism, and the token is sent with eve...

Exploits0
Qualys Blog
Qualys Blog
added 2022/10/11 8:0 p.m.508 views

October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities aka flaws in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege EoP, Remote Code Execution RCE, and Spoofing. This months Patch Tuesday fixes two 2 zero-day...

0.99984EPSS
Exploits53
Qualys Blog
Qualys Blog
added 2022/10/10 2:32 p.m.133 views

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

Vulnerability Management is a foundational component of any cybersecurity program for the implementation of appropriate security controls and the management of cyber risk. Earlier this year Qualys introduced the latest iteration of its vulnerability management product VMDR 2.0 with TruRisk which...

9.3CVSS9AI score0.99987EPSS
Exploits79
Qualys Blog
Qualys Blog
added 2022/10/07 8:3 p.m.169 views

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

On October 6, 2022, the United States National Security Agency NSA released a cybersecurity advisory on the Chinese government—officially known as the People’s Republic of China PRC states-sponsored cyber actors activity to seek national interests. These malicious cyber activities attributed to t...

10CVSS1AI score0.99999EPSS
Exploits959
Qualys Blog
Qualys Blog
added 2022/10/05 4:27 p.m.28 views

Qualys Performance Tuning Series – Remove Stale Assets for Best Performance

As organizations transition to the cloud, their cloud environments and assets rapidly grow. Many of the assets within the cloud are ephemeral in nature, they exist for a few minutes, hours or days and then are terminated. These transitory assets pose a unique challenge from an asset and...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/03 9:19 a.m.48 views

WhatsApp Fixed Critical Vulnerabilities that Could Let an Attacker Hack Devices Remotely – Automatically Discover and Remediate Using VMDR Mobile

WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. Exploiting these vulnerabilities would be the first step of an attacker installing any malware on the device. In...

0.9AI score0.01933EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2022/09/30 11:25 p.m.510 views

Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform

On September 29, 2022, active attacks against Microsoft Exchange were reported by Vietnamese cybersecurity company GTSC. The researcher at GTSC reported two critical vulnerabilities now named “ProxyNotShell” in Microsoft Exchange Server via two advisories issued by Zero Day Initiative:...

0.8AI score0.99964EPSS
Exploits16
Qualys Blog
Qualys Blog
added 2022/09/30 5:54 p.m.24 views

Spelunking Your Qualys Data with Splunk

For the uninitiated, “spelunking” is the exploration of underground caves and caverns, and it’s not for the faint of heart. This increasingly popular sport involves walking, climbing, crawling, or zip-lining blindly into the dark abyss with only a headlamp… and spiders and bats for company. Lucki...

Exploits0
Qualys Blog
Qualys Blog
added 2022/09/29 2:32 p.m.38 views

Qualys Threat Research Thursday

Welcome to the second edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our first edition, Introducing Qualys Threat Research...

0.2AI score0.98905EPSS
Exploits6
Total number of security vulnerabilities1089