Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
This page last updated: April 7th. A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell”, was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)
This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux (WSL) poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU/Linux that increases the attack surface and introduces a lot more...
Infographic: Log4Shell Vulnerability Impact by the Numbers
The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...
Qualys Study Reveals How Enterprises Responded to Log4Shell
On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world. This was no small announcement. As the third most used computer language, Java is practically ubiquitous. Its Log4j2 library is extremely popular...
Casdoor SQL Injection (CVE-2022-24124)
On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before the 1.13.1 release. The vulnerability is tracked as CVE-2022-24124 with a CVSS v3 score of 7.5 and has a publicly available, simple proof of concept, which makes it easier for skilled attackers to...
March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 92 vulnerabilities, including 21 Microsoft Edge vulnerabilities, in the March 2022 update, with three (3) classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday release includes fixes for three (3) publicly disclos...
AvosLocker Ransomware Behavior Examined on Windows & Linux
AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker ransomware variants in detail. AvosLocker is a relatively new...
Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware
The Ukrainian Government has been targeted by HermeticWiper, a new ransomware-like data wiper. Its aim is not simply to encrypt the victim’s data, but rather to render a system essentially unusable. In this blog, our Research Team details our analysis of how this aggressive new malware works. The...
Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines
CISA has created Shields Up as a response to the Russian invasion of Ukraine. Qualys is responding with additional security, monitoring and governance measures. This blog details how and what our enterprise customers can do to immediately strengthen their security posture and meet CISA’s...
Meet FedRAMP Compliance with Qualys Cloud Platform
FedRAMP compliance is not without its challenges. Learn about some of the major security controls and how the Qualys Cloud Platform can help achieve FedRAMP authorization. What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that promotes the...
Enhanced Native DNS based Scanning with Qualys VMDR
Network based scanning of modern infrastructure is getting very complex, especially when the assets are behind CDNs, load balancers, firewalls, and more recently, ephemeral assets that spin up/down as required. This blog describes recent enhancements to Qualys Cloud Platform that allow native...
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...
Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
The Qualys Research Team has discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, the most important of which can be exploited to escalate privilege to gain root privileges. Qualys recommends security teams apply patches for these vulnerabilities as soon as...
The Unbearable Lightness of Unaudited Supply Chains
An acute need expressed by a majority of CISOs at a roundtable in Italy sparks an idea to use one of our lesser-known compliance apps to manage supply chain security assurance efforts. In the 1984 novel The Unbearable Lightness of Being, author Milan Kundera ponders the fleeting nature of man’s...
Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical
Microsoft Patch Tuesday – February 2022 Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a High risk rating CVSSv3.1 score of...
Introducing Qualys Context XDR: the Difference between Chaos & Clarity
In my role as a product leader, I have the pleasure of meeting security practitioners from organizations big and small, across multiple industry segments and geographies. No matter how large or small their budget or staff is, how much they’ve invested in their tech stack or how much experience th...
LolZarus: Lazarus Group Incorporating Lolbins into Campaigns
Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin. This blog details the markers of this campaign, including macro content, campaign flow and phishing themes ...
Catching the RAT called Agent Tesla
For the last few years, the Qualys Research Team has been observing an infamous "Malware-as-a-service" RAT (Remote Access Trojan) called Agent Tesla. It first appeared in 2014, and since then many variants have been deployed. This malware uses multiple techniques for evading detection as well as...
Vulnerability Remediation: It’s Not Just Patching
A vulnerability does not equal a patch; as such, remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...
Simplifying Cloud Asset Identification in a Multi-Cloud Environment
Enterprises struggle to get an accurate asset inventory in multi-cloud or hybrid cloud environments. Qualys enhances the metadata for cloud assets while simplifying the collection process. This blog explains how this functionality expedites the identification process, easily identifies vulnerable...
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...
The Chaos Ransomware Can Be Ravaging
The Qualys Research Team has observed a new version of Chaos ransomware in development. This blog reviews the malware’s updated functionality as well as its ongoing evolution. A ransomware builder called Chaos is still actively under development. The fourth version has recently been observed bein...
Automating Agent-less Vulnerability Assessment for Intune Enrolled Mobile Devices
Most Mobile Device Management solutions lack critical functionality such as vulnerability assessment and patch management. Integration with a popular MDM like Microsoft Intune allows Qualys to provide automated onboarding and continuous scanning of your mobile devices, among other functions to...
Microsoft & Adobe Patch Tuesday (January 2022) – Microsoft 126 Vulnerabilities with 9 Critical, Adobe 41 Vulnerabilities, 22 critical
Microsoft Patch Tuesday – January 2022 Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in thei...
How to Make Log4Shell Remediation Quick & Effective
Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...
Emotet Re-emerges with Help from TrickBot
Emotet has recently reemerged after being taken down less than a year ago by global law enforcement as coordinated by Europol and Eurojust. The takedown was achieved after law enforcement compromised a command-and-control system, and then pushed a specially crafted update to Emotet agents that...
Mitigation of Supply Chain Risks in Microsoft 365
In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...
Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation
Since the Log4Shell vulnerability was first discovered, Qualys has analyzed and responded to the threat in a systematic way, approaching it from all angles – detection, mitigation and remediation. Recognizing the challenge it poses to large enterprises, we recommend that organizations follow a...
How to Discover Log4Shell Vulnerabilities in Running Containers & Images
If you run Java applications in containers, then it is critical that you check for Log4Shell vulnerabilities, given the high severity of this potential exploit. Qualys Container Security offers multiple methods to help you detect Log4Shell in your container environment. The Container Security...
Qualys Integrates with Shodan to Help Map the External Attack Surface
Qualys CyberSecurity Asset Management (CSAM) now natively integrates with Shodan to enable cybersecurity teams to identify all assets visible on the internet, including previously unknown and potential security issues… before attackers find them. Your attack surface is dynamic. Assets come and go,...
New Options Profiles for Log4Shell Detection
We have now added two new option profiles to our library for Log4Shell vulnerabilities. Option profiles define the settings you want to use for your scan. These new option profiles are tuned to quickly detect the Log4Shell vulnerability on assets in your environment. The following two...
6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment
In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell (CVE-2021-44228 and CVE-2021-45046) vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a securi...
Out-of-Band Detection for Log4Shell
Log4j is the de facto logging library for Java, used in most Java-based applications. The challenge is that Java applications that use the vulnerable log4j library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...
Is Your Web Application Exploitable By Log4Shell Vulnerability?
On December 09, 2021, a critical remote code execution vulnerability was identified in Apache Log4j2 after proof-of-concepts were leaked publicly, affecting Apache Log4j 2.x <= 2.15.0-rc1. The vulnerability is being tracked as CVE-2021-44228 with a CVSSv3 score of 10 and affects numerous applications...
Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR
Author: Hiep Dang & Malware Threat Research Team. On Dec 9, 2021, the world first learned about the Log4Shell vulnerability (aka Log4J, CVE-2021-44228) found in the Log4j2 library commonly used by Java applications. Since then, everyone in the cybersecurity industry has been scrambling to understand...
Detect Exploitation Attempts With Qualys XDR (Beta)
The recently announced Log4JShell / CVE-2021-44228 exploit is the latest reminder of why it’s so important to maintain an enterprise-wide view of your security posture. The heart of the exploit centers around misuse of the JNDI lookup function built into log4j. Impact: There are multiple proofs o...
Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.
Microsoft Patch Tuesday – December 2021: Microsoft patched 83 vulnerabilities in their December 2021 Patch Tuesday release, of which seven (7) are rated as critical severity. This month's release includes one (1) Zero Day known to be actively exploited. Products impacted by Microsoft's December security...
Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program
Introduction: The key to creating a practical Reporting Philosophy is well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance (SGRC) program and a well-defined risk exception and acceptance (RA) program,...
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
Update Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...
RANSOMWARE: Ranzy Locker
On 25 October 2021, the FBI released a report documenting their findings about a ransomware variant known as Ranzy Locker. While Ranzy Locker has not been used as prolifically as Conti or Darkside, it does leverage some of the same old ransomware tricks to attack its victims. In conjunction with...
Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance
Mainframes are a key infrastructure component for many enterprises worldwide. Arguably the most secure, reliable, and efficient computing platform, mainframes hold some 70% of the world's business-critical data. Even though they are highly secure and resilient, it’s a common misconception that...
It’s a Wrap! QSC 2021 Las Vegas Laid Out Problems, Solutions and Innovation
Although organizations have made moves toward it for years, digital transformation, in a way, has only just begun. The pandemic may have accelerated migration to the cloud but going forward business will drive continued transformation—and innovation. But to get the most out of the investments in...
Euronet Worldwide: Speedy, Global Response to Threats Reduces Risk
After years of using manual processes and systems to manage its IT inventory and track vulnerabilities, racking up costs, and increasing the complexity of asset and vulnerability management, Euronet Worldwide needed a way to get a single, accurate and timely view of risk exposure at the group...
QSC Day 2 Recap: Innovation Makes for Better Defense, Improves Resilience
If 2020 was the year of disruption, then 2021 was characterized by high-profile—and low-profile—cyberattacks against the likes of JBS Supply, Colonial Pipeline, and Kaseya. Three years that underscored the need for organizations not only to defend themselves but to become resilient to weather and...
Conti Ransomware
Conti is a sophisticated Ransomware-as-a-Service (RaaS) model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigati...
QSC Day 1 Recap: As Threats Intensify, Qualys Helps Organizations Shore Up Security
Cyberattacks are occurring more frequently. They’re also more damaging. And they’re only likely to get worse. Chris Krebs should know—for the two years he served as director of the Cybersecurity and Infrastructure Security Agency (CISA), he was charged with sussing out threats, sounding the alarm t...
Security Automation Critical to the Digital Journey
QSC Day 1 Recap: After a stressful two years of disruption and an uptick in damaging cyberattacks, security teams are overwhelmed and understaffed. As QSC 2021 kicks off in Las Vegas, Qualys President and CEO Sumedh Thakar explains how automation can relieve the burden and bolster companies’...
Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities
Microsoft Patch Tuesday – November 2021 Microsoft patched 55 vulnerabilities in their November 2021 Patch Tuesday release, of which six are rated as critical severity and six were previously reported as zero-days. Critical Microsoft Vulnerabilities Patched CVE-2021-42298 - Microsoft Defender Remo...
Qualys Response to CISA Alert: Binding Operational Directive 22-01
Start your VMDR 30-day, no-cost trial today. Overview: On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, "Reducing the Significant Risk of Known Exploited Vulnerabilities." This directive recommends urgent and...
CSPM Evolution – Start Secure, Stay Secure
For the last several years, the Verizon DBIR report has identified misconfigurations, errors that are unintended actions by an internal party, as one of the top reasons for data breaches. This trend is further reinforced by the results of a recent survey conducted by Cybersecurity Insiders. They...