
1089 matches found

Qualys Blog
added 2022/03/31 9:00 a.m., 494 views

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

This page last updated: April 7th. A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell”, was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...

CVSS 7.5, AI score 0.2, EPSS 0.99939
Exploits: 131

Qualys Blog
added 2022/03/22 2:25 p.m., 27 views

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)

This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux (WSL) poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU\Linux that increases the attack surface and introduces a lot more...

AI score 0.8
Exploits: 0

Qualys Blog
added 2022/03/18 1:01 p.m., 27 views

Infographic: Log4Shell Vulnerability Impact by the Numbers

The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...

AI score 0.1
Exploits: 0

Qualys Blog
added 2022/03/18 1:00 p.m., 235 views

Qualys Study Reveals How Enterprises Responded to Log4Shell

On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world. This was no small announcement. As the third most used computer language, Java is practically ubiquitous. Its Log4j2 library is extremely popular...

CVSS 9.3, AI score 10, EPSS 0.99999
Exploits: 348

Qualys Blog
added 2022/03/09 10:31 a.m., 94 views

Casdoor SQL Injection (CVE-2022-24124)

On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before the 1.13.1 release. The vulnerability, tracked as CVE-2022-24124 with a CVSS v3 score of 7.5, has a publicly available simple proof of concept, which makes it easier for skilled attackers to...

CVSS 5, AI score 7.7, EPSS 0.58927
Exploits: 9

Qualys Blog
added 2022/03/08 10:20 p.m., 75 views

March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical.

Microsoft Patch Tuesday Summary: Microsoft has fixed 92 vulnerabilities, including 21 Microsoft Edge vulnerabilities, in the March 2022 update, with three (3) classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday release includes fixes for three (3) publicly disclos...

CVSS 9, AI score 8.8, EPSS 0.40789
Exploits: 3

Qualys Blog
added 2022/03/07 5:18 a.m., 1060 views

AvosLocker Ransomware Behavior Examined on Windows & Linux

AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker ransomware variants in detail. AvosLocker is a relatively new...

CVSS 10, AI score 8.9, EPSS 0.99999
Exploits: 18

Qualys Blog
added 2022/03/02 4:59 a.m., 29 views

Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware

The Ukrainian Government has been targeted by HermeticWiper, a new ransomware-like data wiper. Its aim is not simply to encrypt the victim’s data, but rather to render a system essentially unusable. In this blog, our Research Team details our analysis of how this aggressive new malware works. The...

AI score 2.2
Exploits: 0

Qualys Blog
added 2022/02/26 8:20 p.m., 518 views

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

CISA has created Shields Up as a response to the Russian invasion of Ukraine. Qualys is responding with additional security, monitoring and governance measures. This blog details how and what our enterprise customers can do to immediately strengthen their security posture and meet CISA’s...

CVSS 10, AI score 1, EPSS 0.99999
Exploits: 448

Qualys Blog
added 2022/02/24 7:18 p.m., 25 views

Meet FedRAMP Compliance with Qualys Cloud Platform

FedRAMP compliance is not without its challenges. Learn about some of the major security controls and how the Qualys Cloud Platform can help achieve FedRAMP authorization. What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that promotes the...

AI score 0.1
Exploits: 0

Qualys Blog
added 2022/02/23 6:20 p.m., 19 views

Enhanced Native DNS based Scanning with Qualys VMDR

Network based scanning of modern infrastructure is getting very complex, especially when the assets are behind CDNs, load balancers, firewalls, and more recently, ephemeral assets that spin up/down as required. This blog describes recent enhancements to Qualys Cloud Platform that allow native...

Exploits: 0

Qualys Blog
added 2022/02/23 5:39 a.m., 1208 views

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...

CVSS 10, AI score 0.6, EPSS 0.99999
Exploits: 2415

Qualys Blog
added 2022/02/17 7:15 p.m., 246 views

Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)

The Qualys Research Team has discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, the most important of which can be exploited to escalate privilege to gain root privileges. Qualys recommends security teams apply patches for these vulnerabilities as soon as...

CVSS 6.9, EPSS 0.01561
Exploits: 8

Qualys Blog
added 2022/02/15 10:47 a.m., 28 views

The Unbearable Lightness of Unaudited Supply Chains

An acute need expressed by a majority of CISOs at a roundtable in Italy sparks an idea to use one of our lesser-known compliance apps to manage supply chain security assurance efforts. In the 1984 novel The Unbearable Lightness of Being, author Milan Kundera ponders the fleeting nature of man’s...

AI score 6.7
Exploits: 0

Qualys Blog
added 2022/02/08 10:35 p.m., 347 views

Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical

Microsoft Patch Tuesday – February 2022 Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a High risk rating CVSSv3.1 score of...

CVSS 6.9, AI score 0.4, EPSS 0.16825
Exploits: 0

Qualys Blog
added 2022/02/08 1:55 p.m., 13 views

Introducing Qualys Context XDR: the Difference between Chaos & Clarity

In my role as a product leader, I have the pleasure of meeting security practitioners from organizations big and small, across multiple industry segments and geographies. No matter how large or small their budget or staff is, how much they’ve invested in their tech stack or how much experience th...

AI score 7
Exploits: 0

Qualys Blog
added 2022/02/08 11:24 a.m., 62 views

LolZarus: Lazarus Group Incorporating Lolbins into Campaigns

Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin. This blog details the markers of this campaign, including macro content, campaign flow and phishing themes ...

AI score 0.1
Exploits: 0

Qualys Blog
added 2022/02/03 7:22 a.m., 38 views

Catching the RAT called Agent Tesla

For the last few years, the Qualys Research Team has been observing an infamous "Malware-as-a-service" RAT (Remote Access Trojan) called Agent Tesla. It first appeared in 2014, and since then many variants have been deployed. This malware uses multiple techniques for evading detection as well as...

AI score 0.1
Exploits: 0

Qualys Blog
added 2022/02/01 1:30 p.m., 27 views

Vulnerability Remediation: It’s Not Just Patching

A vulnerability does not equal a patch; as such, remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...

AI score 0.5
Exploits: 0

Qualys Blog
added 2022/01/27 7:56 p.m., 23 views

Simplifying Cloud Asset Identification in a Multi-Cloud Environment

Enterprises struggle to get an accurate asset inventory in multi-cloud or hybrid cloud environments. Qualys enhances the metadata for cloud assets while simplifying the collection process. This blog explains how this functionality expedites the identification process, easily identifies vulnerable...

AI score 0.1
Exploits: 0

Qualys Blog
added 2022/01/25 5:36 p.m., 463 views

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...

CVSS 7.2, AI score 0.2, EPSS 0.94921
Exploits: 151

Qualys Blog
added 2022/01/17 1:33 p.m., 27 views

The Chaos Ransomware Can Be Ravaging

The Qualys Research Team has observed a new version of Chaos ransomware in development. This blog reviews the malware’s updated functionality as well as its ongoing evolution. A ransomware builder called Chaos is still actively under development. The fourth version has recently been observed bein...

AI score 7.7
Exploits: 0

Qualys Blog
added 2022/01/14 11:01 a.m., 27 views

Automating Agent-less Vulnerability Assessment for Intune Enrolled Mobile Devices

Most Mobile Device Management solutions lack critical functionality such as vulnerability assessment and patch management. Integration with a popular MDM like Microsoft Intune allows Qualys to provide automated onboarding and continuous scanning of your mobile devices, among other functions to...

AI score 0.8
Exploits: 0

Qualys Blog
added 2022/01/11 11:32 p.m., 179 views

Microsoft & Adobe Patch Tuesday (January 2022) – Microsoft 126 Vulnerabilities with 9 Critical, Adobe 41 Vulnerabilities, 22 critical

Microsoft Patch Tuesday – January 2022 Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in thei...

CVSS 10, AI score 10, EPSS 0.9279
Exploits: 21

Qualys Blog
added 2022/01/11 4:58 p.m., 194 views

How to Make Log4Shell Remediation Quick & Effective

Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...

CVSS 9.3, EPSS 0.99999
Exploits: 348

Qualys Blog
added 2022/01/06 2:05 p.m., 117 views

Emotet Re-emerges with Help from TrickBot

Emotet has recently reemerged after being taken down less than a year ago by global law enforcement as coordinated by Europol and Eurojust. The takedown was achieved after law enforcement compromised a command-and-control system, and then pushed a specially crafted update to Emotet agents that...

CVSS 9.3, AI score 1.3, EPSS 0.99693
Exploits: 61

Qualys Blog
added 2022/01/05 12:29 p.m., 21 views

Mitigation of Supply Chain Risks in Microsoft 365

In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...

AI score 0.4
Exploits: 0

Qualys Blog
added 2021/12/28 6:00 p.m., 261 views

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

Since the Log4Shell vulnerability was first discovered, Qualys has analyzed and responded to the threat in a systematic way approaching it from all angles – detection, mitigation and remediation. Recognizing the challenge it poses to large enterprises, we recommend that organizations follow a...

CVSS 9.3, AI score 9.7, EPSS 0.99999
Exploits: 348

Qualys Blog
added 2021/12/27 7:39 p.m., 166 views

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

If you run Java applications in containers, then it is critical that you check for Log4Shell vulnerabilities, given the high severity of this potential exploit. Qualys Container Security offers multiple methods to help you detect Log4Shell in your container environment. The Container Security...

CVSS 9.3, AI score 10, EPSS 0.99999
Exploits: 352

Qualys Blog
added 2021/12/20 7:31 p.m., 23 views

Qualys Integrates with Shodan to Help Map the External Attack Surface

Qualys CyberSecurity Asset Management (CSAM) now natively integrates with Shodan to enable cybersecurity teams to identify all assets visible on the internet, including previously unknown assets and potential security issues… before attackers find them. Your attack surface is dynamic. Assets come and go,...

AI score 0.5
Exploits: 0

Qualys Blog
added 2021/12/20 5:33 p.m., 200 views

New Options Profiles for Log4Shell Detection

We have now added two new option profiles to our library for Log4Shell vulnerabilities. Option profiles define the settings you want to use for your scan. These new option profiles are tuned to quickly detect the Log4Shell vulnerability on assets in your environment. The following two...

CVSS 9.3, AI score 10, EPSS 0.99999
Exploits: 353

Qualys Blog
added 2021/12/20 5:41 a.m., 270 views

6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment

In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell (CVE-2021-44228 and CVE-2021-45046) vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a securi...

CVSS 9.3, EPSS 0.99999
Exploits: 350

Qualys Blog
added 2021/12/17 6:14 p.m., 22 views

Out-of-Band Detection for Log4Shell

Log4j is the de facto logging library for all Java applications, as Log4j is used in most Java-based applications. The challenge is that Java applications that use the log4j-vulnerable library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...

AI score 6.8
Exploits: 0

Qualys Blog
added 2021/12/15 5:06 p.m., 135 views

Is Your Web Application Exploitable By Log4Shell Vulnerability?

On December 09, 2021, a critical remote code execution vulnerability was identified in Apache Log4j2 after proof-of-concepts were leaked publicly, affecting Apache Log4j 2.x <= 2.15.0-rc1. The vulnerability is being tracked as CVE-2021-44228 with a CVSSv3 score of 10 and affects numerous applications...

CVSS 9.3, AI score 10, EPSS 0.99999
Exploits: 355

Qualys Blog
added 2021/12/14 11:55 p.m., 277 views

Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR

Author: Hiep Dang & Malware Threat Research Team. On Dec 9, 2021, the world first learned about the Log4Shell vulnerability, aka Log4J (CVE-2021-44228), found in the Log4j2 library commonly used by Java applications. Since then, everyone in the cybersecurity industry has been scrambling to understand...

CVSS 9.3, AI score 10, EPSS 0.99999
Exploits: 348

Qualys Blog
added 2021/12/14 11:55 p.m., 56 views

Detect Exploitation Attempts With Qualys XDR (Beta)

The recently announced Log4JShell / CVE-2021-44228 exploit is the latest reminder of why it’s so important to maintain an enterprise-wide view of your security posture. The heart of the exploit centers around misuse of the JNDI lookup function built into log4j. Impact: There are multiple proofs o...

CVSS 9.3, AI score 9.9, EPSS 0.99999
Exploits: 348

Qualys Blog
added 2021/12/14 10:08 p.m., 101 views

Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.

Microsoft Patch Tuesday – December 2021: Microsoft patched 83 vulnerabilities in their December 2021 Patch Tuesday release, of which seven (7) are rated as critical severity. This month's release includes one (1) Zero Day known to be actively exploited. Products impacted by Microsoft's December security...

CVSS 7.5, AI score 0.3, EPSS 0.10295
Exploits: 1

Qualys Blog
added 2021/12/13 8:42 p.m., 20 views

Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program

Introduction: The key to creating a practical Reporting Philosophy is well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance (SGRC) program and a well-defined risk exception and acceptance (RA) program,...

AI score 6.9
Exploits: 0

Qualys Blog
added 2021/12/10 7:30 p.m., 969 views

CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)

Update: Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET: A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...

CVSS 9.3, AI score 0.6, EPSS 0.99999
Exploits: 353

Qualys Blog
added 2021/12/10 6:16 a.m., 14 views

RANSOMWARE: Ranzy Locker

On 25 October 2021, the FBI released a report documenting their findings about a ransomware variant known as Ranzy Locker. While Ranzy Locker has not been used as prolifically as Conti or Darkside, it does leverage some of the same old ransomware tricks to attack its victims. In conjunction with...

AI score 0.1
Exploits: 0

Qualys Blog
added 2021/12/07 7:51 p.m., 25 views

Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance

Mainframes are a key infrastructure component for many enterprises worldwide. Arguably the most secure, reliable, and efficient computing platform, mainframes hold some 70% of the world's business-critical data. Even though they are highly secure and resilient, it’s a common misconception that...

AI score 7.4
Exploits: 0

Qualys Blog
added 2021/11/29 4:38 p.m., 13 views

It’s a Wrap! QSC 2021 Las Vegas Laid Out Problems, Solutions and Innovation

Although organizations have made moves toward it for years, digital transformation, in a way, has only just begun. The pandemic may have accelerated migration to the cloud but going forward business will drive continued transformation—and innovation. But to get the most out of the investments in...

AI score 7.3
Exploits: 0

Qualys Blog
added 2021/11/22 3:54 p.m., 17 views

Euronet Worldwide: Speedy, Global Response to Threats Reduces Risk

After years of using manual processes and systems to manage its IT inventory and track vulnerabilities, racking up costs, and increasing the complexity of asset and vulnerability management, Euronet Worldwide needed a way to get a single, accurate and timely view of risk exposure at the group...

AI score 6.8
Exploits: 0

Qualys Blog
added 2021/11/19 4:32 p.m., 18 views

QSC Day 2 Recap: Innovation Makes for Better Defense, Improves Resilience

If 2020 was the year of disruption, then 2021 was characterized by high-profile—and low-profile—cyberattacks against the likes of JBS Supply, Colonial Pipeline, and Kaseya. Three years that underscored the need for organizations not only to defend themselves but to become resilient to weather and...

AI score 7.3
Exploits: 0

Qualys Blog
added 2021/11/18 5:17 p.m., 493 views

Conti Ransomware

Conti is a sophisticated Ransomware-as-a-Service (RaaS) model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigati...

CVSS 9.3, AI score 10.6, EPSS 0.99759
Exploits: 166

Qualys Blog
added 2021/11/18 5:06 p.m., 14 views

QSC Day 1 Recap: As Threats Intensify, Qualys Helps Organizations Shore Up Security

Cyberattacks are occurring more frequently. They’re also more damaging. And they’re only likely to get worse. Chris Krebs should know: for the two years he served as director of the Cybersecurity and Infrastructure Security Agency (CISA), he was charged with sussing out threats, sounding the alarm t...

AI score 7.2
Exploits: 0

Qualys Blog
added 2021/11/18 12:24 a.m., 23 views

Security Automation Critical to the Digital Journey

QSC Day 1 Recap: After a stressful two years of disruption and an uptick in damaging cyberattacks, security teams are overwhelmed and understaffed. As QSC 2021 kicks off in Las Vegas, Qualys President and CEO Sumedh Thakar explains how automation can relieve the burden and bolster companies’...

AI score 7.1
Exploits: 0

Qualys Blog
added 2021/11/11 1:07 a.m., 202 views

Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities

Microsoft Patch Tuesday – November 2021: Microsoft patched 55 vulnerabilities in their November 2021 Patch Tuesday release, of which six are rated as critical severity and six were previously reported as zero-days. Critical Microsoft Vulnerabilities Patched: CVE-2021-42298 - Microsoft Defender Remo...

CVSS 9.3, AI score 9.6, EPSS 0.90388
Exploits: 11

Qualys Blog
added 2021/11/09 6:15 a.m., 417 views

Qualys Response to CISA Alert: Binding Operational Directive 22-01

Start your VMDR 30-day, no-cost trial today. Overview: On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 22-01, "Reducing the Significant Risk of Known Exploited Vulnerabilities." This directive recommends urgent and...

CVSS 10, AI score 8.5, EPSS 0.99999
Exploits: 754

Qualys Blog
added 2021/11/02 12:45 p.m., 13 views

CSPM Evolution – Start Secure, Stay Secure

For the last several years, the Verizon DBIR report has identified misconfigurations, errors that are unintended actions by an internal party, as one of the top reasons for data breaches. This trend is further reinforced by the results of a recent survey conducted by Cybersecurity Insiders. They...

AI score 7.4
Exploits: 0

Total number of security vulnerabilities: 1089