1089 matches found
Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation
Lenovo disclosed Multi-Vendor BIOS Security Vulnerabilities in September 2022 that affect multiple Lenovo devices. These are high severity vulnerabilities that have the potential of resulting in information disclosure, privilege escalation, and denial of service. Here are the related CVEs:...
Optimizing a Web Application Security Scan for bWAPP
Today almost all organizations have an online presence, with more information accessible at the click of a mouse, making customer experiences much more frictionless. Yet the delivery of great experiences also opens the door to potential hackers intent on compromising the website and its APIs...
Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation
Cyberattacks are on the rise, with bad actors accelerating their nefarious exfiltration of valuable and confidential data from financial institutions, Federal agencies, healthcare organizations, and more. According to an IBM study, the Financial Services industry saw an increase in the cost of da...
Why Organizations Struggle with Patch Management (and What to Do about It)
The cybersecurity attack surface continues to grow exponentially. Modern technologies are being deployed on-premises and in the cloud as part of digital transformation journeys. Meanwhile, the current practice of identifying, classifying, prioritizing, and remediating vulnerabilities has become...
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively...
Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications
Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability (CVE-2022-3075) is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was...
Introducing Qualys Threat Research Thursdays
Welcome to the first edition of the Qualys Research Team’s “Threat Research Thursday” where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. We will endeavor to issue these update reports regularly, as often as...
An End-to-End Approach to Next-Gen Security for Web Applications & APIs
According to Verizon’s 2022 Data Breach Investigations Report, web applications remain both the top hacking vector and data breach pattern, accounting for roughly 70% of security incidents. This is because web applications are everywhere and easily probed for weaknesses. A vulnerability in any...
Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls
Zero-day vulnerability attacks have emerged as a major cybersecurity threat in the last few years. Organizations most often targeted include large enterprises and government/Federal agencies. However, any organization, regardless of its size, business, or industry, is a potential target for...
Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm
Qualys VMDR has been recognized for its commanding industry leadership by both the 2022 SC Awards and analyst firm GigaOm. SC Magazine has chosen Qualys VMDR as the winner of the Best Vulnerability Management Solution category in its SC Awards 2022. The SC Awards honors the best solutions in...
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed (CVE-2022-26134). More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...
AsyncRAT C2 Framework: Overview, Technical Analysis & Detection
In this blog we describe the AsyncRAT C2 (command & control) Framework, which allows attackers to remotely monitor and control other computers over a secure encrypted link. We provide an overview of this threat, a technical analysis, and a method of detecting the malware using Qualys Multi-Vector...
Qualys Security Updates: Cloud Agent for Linux
The security and protection of our customers is of the utmost importance to Qualys, as is transparency whenever issues arise. A customer responsibly disclosed two scenarios related to the Qualys Cloud Agent: 1. For the first scenario, we added supplementary safeguards for signatures running on...
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities,...
Know Your ServiceNow and Qualys Integrations
If you are a current ServiceNow customer interested in cybersecurity, this blog is for you. If you are a Qualys customer who also uses ServiceNow, this blog is for you too. ServiceNow and Qualys have enjoyed a multi-year partnership, being two of the premier SaaS vendors covering the IT and...
A Deep Dive into VMDR 2.0 with Qualys TruRisk™
The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize...
Qualys API Best Practices: CyberSecurity Asset Management API
The Qualys Security Blog’s API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices to improve development, design, and performance of their programs that use the Qualys API. For non-customer...
Introducing CyberSecurity Asset Management 2.0 with Natively Integrated External Attack Surface Management
Qualys is introducing Qualys CyberSecurity Asset Management 2.0, which now delivers natively integrated External Attack Surface Management (EASM) to enable Cybersecurity teams to identify any and all assets visible on the internet, including previously unknown assets and any potential security...
Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor
In this blog, the Qualys Research Team explains the mechanics of a Linux malware variant named BPFdoor. We then demonstrate the efficacy of Qualys Custom Assessment and Remediation to detect it, and Qualys Multi-Vector EDR to protect against it. BPFDoor is a Linux/Unix backdoor that allows threat...
New Qualys Research Report: Evolution of Quasar RAT
The Qualys Threat Research Team continues to inform enterprise cybersecurity teams of emerging threats that could impact their business. These threat intelligence reports summarize individual threat exploits and provide practical recommendations for protecting against them. In this free research...
Attack Surface Management: a Critical Pillar of Cybersecurity Asset Management
In their recent Innovation Insight for Attack Surface Management report, Gartner calls Attack Surface Management (or “ASM”, for short) the first pillar in a broader Exposure Management strategy. According to Gartner, ASM addresses the questions: What does my organization look like from an attacker’...
Join Qualys at Black Hat USA 2022!
Need to get more security? As a Titanium Sponsor of Black Hat USA 2022, Qualys will be located front and center in Booth 1320 on the show floor. Stop by and visit us to learn about our latest techniques, best practices, and solutions for risk-based vulnerability management, external attack surface...
Aflac Reduces Critical Vulnerabilities by 55% with Qualys VMDR 2.0 with TruRisk
The following is a guest blog by Aflac, a Qualys VMDR customer, on their recent experience completing a Proof of Concept project for the newly released VMDR 2.0 with Qualys TruRisk. About Aflac: Aflac Inc. (NYSE: AFL) is an insurance leader and the largest provider of supplemental insurance in the...
Integrating JIRA to the Qualys Cloud Platform
This is the second in a blog series on integrations to the Qualys Cloud Platform. This post looks at the requirements for building a successful integration and at workarounds when some of the pieces are missing functionality. We then specifically consider the question of integrating Qualys with...
Use Qualys Flow to Automate Detection & Remediation with No-code Workflows
The threat landscape is rapidly and constantly evolving. New software vulnerabilities and service misconfigurations are discovered daily, and exploits targeting them are often released within hours. For effective security, pursuing the automation of both detection and remediation processes is...
July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) actively...
About CMDB Sync Integration with Qualys CyberSecurity Asset Management
Welcome to the first in a new series of blog posts about Qualys integrations. This first blog in the series covers our integrations as they relate to CMDB Sync, which is a part of Qualys CyberSecurity Asset Management (CSAM) and has two versions. One version is for basic ServiceNow customers who ha...
How to Quickly Prioritize Risks with VMDR 2.0 and Orchestrate Response with CMDB & ITSM Integration
A single source of truth for asset inventory enables Cybersecurity and IT teams to optimally automate risk prioritization and response. Qualys VMDR 2.0 with TruRisk™ leverages Qualys CSAM to automate the Asset Criticality Score, a key parameter of risk scoring. This blog explains how with insigh...
Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)
On June 02, 2022, Atlassian published a security advisory about a critical severity Unauthenticated Remote Code Execution vulnerability affecting Confluence Server and Data Center. According to the advisory, the vulnerability is being actively exploited and Confluence Server and Data Center...
Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0
According to the recently released Verizon DBIR report, vulnerability exploitation continued to be one of the top three attack vectors exploited by bad actors in 2021 to break into organizations. As of this writing, it’s only June, but more than 10,000 vulnerabilities have already been disclosed ...
Defending Against Scheduled Task Attacks in Windows Environments
Scheduling tasks is one of the most popular attack techniques used by threat actors to establish persistence on a victim’s machine. The Qualys Research Team investigated different ways that attackers could conceal scheduled tasks. In this blog, we describe three new techniques to hide and...
New Qualys Research Report: Inside a Redline InfoStealer Campaign
The Qualys Threat Research Team continues its efforts to identify and document previously unseen adversary activity to better understand their tactics, techniques, and procedures (TTPs) and defend against them. Recently we identified a new Redline InfoStealer campaign that spreads via fake cracked...
Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR
A new remote code execution vulnerability called “Follina” has been found lurking in most Microsoft products. In this blog, we examine a potential attack vector as well as technical details of Follina, and chart the ability to detect this new vulnerability using both Qualys Multi-Vector EDR and...
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 55 vulnerabilities (aka flaws) in the June 2022 update, including three (3) vulnerabilities classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) zero-day...
Close the Gap Between IT & Security with Our New App: Qualys VMDR for ITSM
In recent years, the world has seen an alarming rise in cyber-attacks. According to the just released Verizon DBIR report, the rate of increase of ransomware attacks in 2021 was greater than its rate of increase in the last five years, combined. Malicious exploitation of vulnerabilities continues...
Introducing Qualys VMDR 2.0
Over the last five years, the number of vulnerabilities disclosed has doubled. The speed at which vulnerabilities are weaponized and leveraged for mass exploitation is down to mere days from weeks. For example, mass exploitation of the Log4Shell vulnerability at the end of 2021 occurred 48 hours...
Transitioning to a Risk-based Approach to Cybersecurity
For today's CISOs, managing cyber risk is Job 1, and it's a full-time concern. This was communicated loud and clear when Qualys recently hosted several CISOs and cybersecurity executives from our global enterprise customer base at our Strategic Advisory Board meeting in London. Their teams are...
Qualys FIM: Be Compliance Ready with Intuitive, Ready-to-Use File Monitoring Profiles
Requirements for file-level security are often set by laws, regulations, and audit standards. These include identification of what must be protected, the various controls required to implement security, and outcomes required to successfully pass audits for compliance. This blog describes these an...
Put SecOps in the Driver’s Seat with Custom Assessment and Remediation
When zero-day threats emerge, time is of the essence. Security teams struggle to manage and respond to a range of challenges that often require custom approaches outside of existing vulnerability and security programs. Recently, many companies scrambled to mount their defenses against the Log4She...
Upgrade Your FIM Program to Detect Risk and Streamline Compliance
File integrity monitoring (FIM) tools are essential for defending business and customer data, but legacy tools are falling short by swamping security analysts with irrelevant alerts. This blog describes how Qualys FIM easily solves such issues by accurately isolating file-level breaches and sending...
May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 75 vulnerabilities in the May 2022 update, including one advisory (ADV2200011) for Azure in response to CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution (RCE) Vulnerability, and eight (8) vulnerabilities classified as Critical as they...
Ursnif Malware Banks on News Events for Phishing Attacks
Ursnif (aka Gozi, Dreambot, ISFB) is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...
CISA Alert: Top 15 Routinely Exploited Vulnerabilities
The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report’s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment. The...
Ransomware Insights from the FBI’s 2021 Internet Crime Report
The FBI has published its annual report on Internet crime. Qualys has analyzed its trends and statistics. In this post, we review our findings, especially with regards to the prevalence of Ransomware, and our recommendations for actions that enterprises should take to mitigate their risk. Every...
Assessing Certificate Risk with Qualys VMDR
Digital certificates and SSL are everywhere. However, managing an accurate inventory of all current certificates in use across your enterprise is an ongoing challenge. This blog examines the scale of the problem, the shortcomings of some popular certificate tracking methods, and how Qualys VMDR’s...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2)
This post is the second of a multi-part blog series that explores and highlights the different risks that Windows Subsystem for Linux (WSL) poses to an enterprise IT environment. Here we examine different TTPs that abuse WSL and assess different methods to defend against such threats. ...
April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 145 vulnerabilities, including 17 Microsoft Edge vulnerabilities, in the April 2022 update, with ten (10) classified as Critical as they allow Remote Code Execution (RCE). This month’s Patch Tuesday release includes fixes for two (2) zero-day...
EDR Is Dead. Long Live Multi-Vector EDR.
News of EDR’s demise has been greatly exaggerated. Fact is: older approaches to EDR have to move over. There’s a new solution now: Multi-Vector EDR. This blog reviews the highlights of our latest release of this critically important app on the Qualys Cloud Platform. Although it now seems like a...
Qualys Multi-Vector EDR Excels in 2022 MITRE ATT&CK Evaluation
MITRE evaluated Qualys Multi-Vector EDR against competing alternatives, and the results are in. This blog reviews the basics of MITRE ATT&CK evaluation, how our EDR solution performed, and how to interpret the ratings. MITRE Engenuity has released the results of round 4 of its ATT&CK Evaluations...