Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2021/04/21 12:55 p.m.62 views

Manage Linux Patching with Qualys VMDR

As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, IT teams have been looking for a single, efficient...

Exploits0
Qualys Blog
Qualys Blog
added 2021/04/14 6:9 p.m.474 views

April 2021 Patch Tuesday – 108 Vulnerabilities, 19 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 108 vulnerabilities, of which 19 are rated critical severity and 88 are rated high severity. Adobe released patches for its Photoshop, Digital Editions, and Bridge products. CVE-2021-28310: Win32k Elevation of Privilege Vulnerability Microsoft releas...

10CVSS0.1AI score0.83337EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2021/04/14 2:30 p.m.241 views

Qualys API Best Practices: Host List API

When you’re looking to add automation to your vulnerability management and policy compliance program, a good starting point is the Host List, which is your scanned asset inventory. More precisely, it represents which assets have been scanned and when for Qualys Vulnerability Management VM or Poli...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/04/14 4:20 a.m.47 views

Introducing “This Month in Patches” Webinar Series

It’s no secret that the number of vulnerabilities is on the rise, and so too are the attempts by hackers to exploit them as quickly as they can. Over the last few years, the average time from vulnerability disclosure to exploit is down to a mere seven days. Organizations therefore need to move...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/04/12 10:14 p.m.90 views

Google Android April 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices

The recently released Android Security Bulletin for April 2021 addresses 36 vulnerabilities, out of which 2 are rated as critical vulnerabilities. The vulnerabilities affect open-source components such as the Android Framework, Android Media Framework, Android System, and Android’s Linux Kernel...

10CVSS1.9AI score0.02846EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2021/04/08 10:3 p.m.58 views

No Auth, Seamless Database Security and Compliance

As data breaches continue to target databases and attack techniques become more sophisticated over time, organizations are looking for dynamic and efficient ways to effectively monitor the compliance posture of the databases in their hybrid environments. They have traditionally used privileged...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/04/02 3:0 p.m.106 views

Qualys Update on Accellion FTA Security Incident

Update April 2, 2021 to the March 3 original blog post: As part of our commitment to keeping customers and the community informed about how we are addressing and resolving the Accellion FTA cyber incident, we are providing the following update to confirm containment of the incident and share...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/04/01 5:1 p.m.39 views

Assessing Mainframe Compliance While Minimizing Operational Impact

While many in the industry consider mainframes to be inherently secure systems that dont require additional hardening, this is not the case, according to recent Forrester surveys which reveal that security incidents are commonplace in mainframes. Mainframes are the backbone of many businesses and...

Exploits0
Qualys Blog
Qualys Blog
added 2021/03/31 3:34 p.m.40 views

Extending your FedRAMP Program to Container Infrastructure with the Qualys Cloud Platform

Following the recent release of the FedRAMP Vulnerability Scanning Requirements for Containers, FedRAMP-authorized systems that make use of containers have one month from March 16, 2021 to submit a plan for compliance with the new requirements. Organizations with a need to certify their services...

0.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/23 7:19 p.m.299 views

Unified Dashboard Preview for Enhanced Security Visualization

Qualys has introduced the Unified Dashboard Framework UDF to enrich your dashboarding experience. Unified Dashboard UD brings information from all Qualys applications into a single place for visualization. UD adds a powerful new dashboarding framework to the Qualys Cloud Platform that will be...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/22 1:0 p.m.45 views

Qualys Leadership Update: Moving Forward Together

Today, we announced that Philippe Courtot has resigned from his CEO role. As you may know, Philippe took a leave of absence due to health issues unrelated to COVID-19 last month. Our thoughts are with Philippe and his family as he continues to focus on improving his health. Over the past 20 years...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/11 2:2 a.m.56 views

Security Advisory: Mitigating the Risk of Microsoft Exchange Zero-Day ProxyLogon Vulnerabilities

Microsoft recently released several security updates for Microsoft Exchange Server to address vulnerabilities that sophisticated nation-state actors are exploiting to exfiltrate critical data from a variety of organizations. Reports suggest attackers have been targeting these vulnerabilities sinc...

0.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/09 9:33 p.m.188 views

March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Deskto...

10CVSS1.2AI score0.81103EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/03 10:12 p.m.1795 views

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

Update March 10, 2021: A new section describes how to respond with mitigation controls if patches cannot be applied, as recommended by Microsoft. This section details the Qualys Policy Compliance control ids for each vulnerability. Update March 8, 2021: Qualys has released an additional QID: 5010...

7.5CVSS0.1AI score0.99999EPSS
Exploits69
Qualys Blog
Qualys Blog
added 2021/03/02 9:18 p.m.130 views

Qualys API Best Practices: KnowledgeBase API

This API Best Practices Series shows how to optimize your API usage starting with the KnowledgeBase API. The accompanying video presents these API best practices along with live code examples, so that you can effectively integrate the KnowledgeBase with other data and use it in process automation...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/02/10 9:17 p.m.402 views

Expand Your Vulnerability & Patch Management Program to Mobile Devices with Qualys VMDR

As mobile devices have become ubiquitous in almost every business process, whether in bank branches, manufacturing sites or retail stores, they are now hosting business applications and data that is subject to regulatory compliance and security. With access to critical corporate resources inside...

6.8CVSS0.5AI score0.78808EPSS
Exploits33
Qualys Blog
Qualys Blog
added 2021/02/09 8:22 p.m.439 views

February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 56 vulnerabilities, of which 11 are rated as Critical. Adobe released patches today for Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. TCP/IP Trio Microsoft released a set of fixes affecting Windows TCP/IP implementation...

7.5CVSS1.3AI score0.8621EPSS
Exploits30
Qualys Blog
Qualys Blog
added 2021/02/03 1:55 p.m.35 views

Unified SaaS Application Security, Detection, and Response

Organizations are rapidly embracing Software as a Service SaaS applications for scalability, ease & flexibility of use, and the benefits of not using their own infrastructure. To maintain their focus on business objectives during the new ‘remote workforce normalcy’, organizations have fast-tracke...

Exploits0
Qualys Blog
Qualys Blog
added 2021/02/01 8:40 p.m.1009 views

Unpacking the CVEs in the FireEye Breach – Start Here First

In a blog post on Dec. 22, 2020, Qualys revealed it has identified 7.5 million instances of vulnerability to the stolen FireEye Red Team assessment tools across an anonymized set of its 15,700-member customer base. Of the 7.5 million instances of vulnerability, 99.84% were caused by only 8 CVEs,...

10CVSS0.4AI score0.99999EPSS
Exploits228
Qualys Blog
Qualys Blog
added 2021/01/26 6:9 p.m.1434 views

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...

7.2CVSS0.4AI score0.99295EPSS
Exploits81
Qualys Blog
Qualys Blog
added 2021/01/26 12:0 p.m.116 views

Dive Deep into VMDR

Qualys devoted the second day of the Qualys Security Conference entirely to vulnerability management, detection and response VMDR, a critical area for the security and compliance of hybrid cloud IT environments. Mehul Revankar, VP of Product Management and Engineering for VMDR at Qualys, set the...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/01/25 12:30 p.m.47 views

The Evolution of the Qualys Cloud Platform

The global pandemic has upended everything, and in the cyber security world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at Qualys Securit...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/01/25 12:0 p.m.54 views

Building an Open Cloud Platform

Qualys Chairman and CEO Philippe Courtot kicked off Qualys Security Conference with an assessment of current security challenges and a clear call to action on how to successfully overcome them. “Today security is front and center, and as we move to the cloud, we must rethink security,” Courtot sa...

0.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/01/21 3:51 p.m.109 views

Unified Vulnerability View of Unauthenticated and Agent Scans

Vulnerability scanning has evolved significantly over the past few decades. But the key goal remains the same, which is to accurately identify vulnerabilities, assess the risk, prioritize them, and finally remediate them before they get exploited by an attacker. Therein lies the challenge. It is...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/01/12 8:1 p.m.345 views

January 2021 Patch Tuesday – 83 Vulnerabilities, 10 Critical, One Zero Day, Adobe

This month’s Microsoft Patch Tuesday addresses 83 vulnerabilities. The 10 Critical vulnerabilities cover Windows codecs, Office, HEVC video extensions, RPC runtime, and several other workstation vulnerabilities. Adobe released patches today for Photoshop, Campaign Classic, InCopy, Illustrator,...

7.2CVSS0.4AI score0.39653EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2021/01/04 7:24 p.m.47 views

Technical Deep Dive Into SolarWinds Breach

Many organizations have been compromised by the recent SolarWinds breach, which seems to be a targeted attack against both government and private agencies. The complete scale of this attack is still unknown, but what is known is that the hackers gained access to victims’ systems via malicious...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/12/22 9:17 p.m.1389 views

Qualys Security Advisory: SolarWinds / FireEye

Qualys Researchers found Millions of devices exposed to vulnerabilities used in the stolen FireEye Red Team tools and SolarWinds Orion by analyzing the anonymized set of vulnerabilities across Qualys’ worldwide customer base Qualys to offer a free 60-day integrated Vulnerability Management,...

10CVSS0.2AI score0.99999EPSS
Exploits268
Qualys Blog
Qualys Blog
added 2020/12/21 11:20 p.m.43 views

Adobe Flash Player Reaches End of Life on December 31, 2020

In July 2017, Adobe announced that Adobe Flash Player will reach “End of Life” EOL on Thursday, December 31, 2020. After this date, Adobe Flash Player will no longer be supported or distributed by Adobe. Adobe says that once Flash reaches its EOL date, there will be no further updates or security...

1.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/12/15 5:26 a.m.43 views

Solorigate/Sunburst : FireEye Breach Leveraged SolarWinds Orion Software

Update Dec 23, 2020: Added new section describing how to reduce risk with File Integrity Monitoring. Update Dec 22, 2020: FireEye Red Team tools & Solorigate/SUNBURST On December 13, SolarWinds released a security advisory regarding a successful supply-chain attack on the Orion management platfor...

0.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/12/14 4:4 p.m.29 views

Support Live Chat

In more than 4 months since Qualys launched Support Live Chat on the Customer Support Portal, we’ve seen customers use it successfully to get answers to quick support questions. Based on its success, we are scaling internal processes to accommodate greater usage, and we encourage all customers to...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/12/10 7:47 p.m.68 views

QID Spotlight: Enhanced Oracle Java Discovery

Update December 15, 2020: This blog is updated with the FAQ section for customers to get more insight into QID details. Original Post: Securing Java instances has become critical for organizations because Javas wide use as an open-source component in applications has made it a captivating target...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/12/10 12:48 a.m.1635 views

Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach

Update Jan 5, 2021: New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches. Update Dec 23, 2020: Added a new section on compensating controls. Update De...

10CVSS0.3AI score0.99999EPSS
Exploits393
Qualys Blog
Qualys Blog
added 2020/12/08 8:26 p.m.99 views

December 2020 Patch Tuesday – 58 Vulnerabilities, 9 Critical, Windows Exchange, Hyper-V, SharePoint, Adobe

This month’s Microsoft Patch Tuesday addresses 58 vulnerabilities with 9 of them labeled as Critical. The 9 Critical vulnerabilities cover Exchange, SharePoint, Hyper-V, Chakra Scripting, and several other workstation vulnerabilities. Adobe released patches today for Experience Manager, Prelude,...

10CVSS0.4AI score0.8979EPSS
Exploits8
Qualys Blog
Qualys Blog
added 2020/11/25 4:0 p.m.60 views

Qualys Research Nominated for Pwnie Awards 2020

The Qualys Security Advisory team has been nominated for five Pwnie Awards this year in three different categories. In addition to nominations for Best Privilege Escalation Bug and Best Server-Side Bug 3 nominations, we are proud to be nominated for Epic Achievement. The Pwnie Awards are an annua...

5CVSS2.8AI score0.10789EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2020/11/16 8:38 p.m.44 views

An End-to-End Approach to Next-Gen Web Application and API Security

It was almost 10 years ago that Marc Andreessen wrote that software is eating the world. It is still true today, but I would be even more specific and say that web applications and APIs are eating the world. Our businesses run on web apps and APIs, and their ubiquity means that securing them has...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/16 5:0 p.m.70 views

Securing Containers in Google Cloud Artifact Registry with Qualys

Container software supply chain is an area of concern for security teams in large and small enterprises because developers often make use of container images from a variety of public repositories. A single insecure container image can be instantiated several times and lead to a wide, diffused...

Exploits0
Qualys Blog
Qualys Blog
added 2020/11/16 4:45 p.m.24 views

A Modern Approach to Risk Management and Compliance

For far too long, organizations had to rely on traditional Governance, Risk and Compliance GRC tools -- with their modular and siloed approach -- to address their risk management and reporting compliance posture. With an increasing number of organizations looking at the Integrated Risk Management...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/12 8:20 p.m.33 views

Securing Cloud and Container Workloads: A View From the Trenches

Almost 15 years after Amazon launched AWS, public cloud platforms have become extraordinarily sophisticated and feature-rich, as well as wildly popular, creating a world of security and compliance challenges that gets more complex by the day, said Badri Raghunathan​, Qualys product management...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/11 11:16 p.m.34 views

EDR Solutions Require Comprehensive Telemetry to Fend Off Multi-Vector Attacks

Endpoint devices are under increasingly aggressive and sophisticated attacks, so protecting them effectively from cyber criminals has become a thorny and vexing challenge as the threat landscape expands. It doesn’t help that endpoint protection today fluctuates between two strategies that are...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/11 1:52 a.m.68 views

Dive Deep into VMDR

Qualys devoted the second day of the QSC USA 2020 virtual conference entirely to vulnerability management, detection and response VMDR, a critical area for the security and compliance of hybrid cloud IT environments. Mehul Revankar, VP of Product Management and Engineering for VMDR at Qualys, set...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/10 8:52 p.m.180 views

November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Ado...

10CVSS0.5AI score0.09857EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2020/11/09 9:15 p.m.26 views

The Evolution of the Qualys Cloud Platform

The global pandemic has upended everything, and in the cyber security world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at the virtual QS...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/09 8:1 p.m.22 views

Building an Open Cloud Platform

Qualys Chairman and CEO Philippe Courtot kicked off QSC USA 2020, the company’s 20th annual user conference, with an assessment of current security challenges, and a clear call to action on how to successfully overcome them. “Today security is front and center, and as we move to the cloud, we mus...

0.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/11/04 3:51 a.m.59 views

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/10/22 11:10 p.m.421 views

NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities

On October 20, 2020, the United States National Security Agency NSA released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. The NSA alert provided a list of 25 publicly known vulnerabilities that are known to be recently leveraged by cyber actors for various hacking...

10CVSS9.7AI score0.99999EPSS
Exploits573
Qualys Blog
Qualys Blog
added 2020/10/16 3:0 p.m.38 views

Qualys Policy Compliance Plugin for Jenkins Now Available

Various factors may introduce vulnerabilities in a product during its lifecycle, resulting in a drift from the required compliance status. Hence, it is of utmost importance that security is baked into the product at every stage of development and possibilities of security gaps are ruled out. CI/C...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/10/15 6:53 p.m.35 views

Auto-Discover and Secure Middleware Instances in Your Environment

Enterprise middleware plays a critical role in bringing together many moving parts within an organization, ensuring efficient collaboration, seamless integration and interoperability. A systematic evaluation of middleware architectures is important to thoroughly assess the overall security and...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/10/14 8:28 p.m.178 views

Microsoft Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

On October 13, 2020, Microsoft fixed a critical remote code execution vulnerability in the Windows TCP/IP stack for handling ICMPv6 Router Advertisement packets. While Microsoft ranks this vulnerability as “Exploitation More Likely,” we may see a proof-of-concept released soon. The security issue...

5.8CVSS9.7AI score0.09686EPSS
Exploits12
Qualys Blog
Qualys Blog
added 2020/10/14 3:0 p.m.78 views

Discover A10 Networks Advanced Core OS Vulnerabilities using Qualys VMDR

The Qualys vulnerability signatures team has released a new series of signatures detections for A10 Networks ACOS Advanced Core Operating System, allowing security teams to identify A10 hosts and detect their vulnerabilities. A10 Advanced Core Operating System with true Scalable Symmetrical...

0.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/10/13 6:52 p.m.217 views

October 2020 Patch Tuesday – 87 Vulnerabilities, 11 Critical, SharePoint, TCP/IP Stack, Graphics, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 87 vulnerabilities with 11 of them labeled as Critical. The 11 Critical vulnerabilities cover TCP/IP Stack, SharePoint, Windows Camera Codec Pack, Graphics and several other workstation vulnerabilities. Adobe issued patches today for Adobe Flash...

6.8CVSS2.2AI score0.70894EPSS
Exploits18
Total number of security vulnerabilities1089