Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2019/09/23 2:56 p.m.101 views

Empower your Cloud Ops Teams – Publish Qualys CloudView Security Assessment Reports to their Slack Channel

In today’s constantly changing and evolving cloud environments, being able to quickly provide information on misconfigurations and security policy violations in your cloud accounts and assets has become a critical need to the success of your security operations. Many cloud platforms offer tools...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/20 6:17 p.m.157 views

Qualys Cloud Platform 8.21.2 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.21.2, includes Virtual Scanner Appliance support for Alibaba Cloud Compute, scheduling of EC2 scans with no scannable EC2 assets in Asset Tags in Qualys Vulnerability Management, expanded support for instance discovery and auto recor...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/16 6:31 p.m.68 views

Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline

After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we've published the new guide, Assess Vulnerabilities and...

0.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/13 2:53 p.m.142 views

Qualys Cloud Platform 8.21.2 New Features

The upcoming release of the Qualys Cloud Platform VM, PC, version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019. See full 8.21.2 new features blog post...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/11 5:11 p.m.49 views

Patch Management 1.3 New Features

This release of Qualys Patch Management version 1.3 includes new features, highlights as follows. Patch Scheduling enhancement: "No Patch Window" – When scheduling a patch deployment, instead of having to specify a Patch Window time frame, you can select "None". This will allow a job to continue ...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/11 4:40 p.m.54 views

Policy Compliance Library Updates, July 2019

Qualys' library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/09/10 6:0 p.m.169 views

September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerabili...

9.3CVSS0.5AI score0.19254EPSS
Exploits3
Qualys Blog
Qualys Blog
added 2019/08/29 6:17 p.m.130 views

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)

Cisco published an update for Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of Cisco REST API virtual service container. The security issue is tracked as CVE-2019-12643 and has...

10CVSS2AI score0.05324EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2019/08/26 4:45 p.m.31 views

FedRAMP ConMon – Efficiently & Effectively Managing SLAs for RA-5d Requirement

Are you a FedRamp-certified organization looking to more effectively maintain your FedRAMP status? There are tools available to help simplify the process and while the process involves some terminology, it is easily understood as outlined below. Additionally, it is supported by pre-built dashboar...

0.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/08/13 11:58 p.m.1029 views

Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch

In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP Vulnerabilities, out of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user...

10CVSS9.4AI score0.75194EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2019/08/13 6:49 p.m.203 views

August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns

Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are f...

10CVSS9.9AI score0.75194EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2019/08/02 4:32 p.m.35 views

Qualys Cloud Platform 2.40 New Features

This release of the Qualys Cloud Platform version 2.40 includes updates and new features for Web Application Scanning, highlights as follows. Web Application Scanning "Everything" Detection Scope – A new detection scope called "Everything" is now available in the option profile. This can be used ...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/08/01 3:0 p.m.40 views

Countdown to Black Hat: Top 10 Sessions to Attend — #9 and #10

With Black Hat USA 2019 now in progress, we wrap up this blog series with our final two session recommendations: Attacking and Defending the Microsoft Cloud and Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale. Attacking and Defending t...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/31 8:56 a.m.75 views

Qualys Cloud Platform (VM, PC) 8.21 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.21, adds new technologies and platforms, and support for scanning ESXi hosts on vCenter for vulnerabilities. Feature Highlights Qualys Vulnerability Management VM Support for Scanning ESXi Hosts on vCenter for Vulnerabilities – Qualy...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/29 4:0 p.m.68 views

Countdown to Black Hat: Top 10 Sessions to Attend — #8

Black Hat kicks off in a few days, and for Qualys customers still planning their schedule we have our weekly recommendation from among the conference’s many training courses and research briefings: The Enemy Within: Modern Supply Chain Attacks. Speaker Eric Doerr, General Manager of the Microsoft...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/24 5:26 a.m.94 views

Qualys Policy Compliance Notification: Policy Library Updates (June)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/22 3:0 p.m.49 views

Countdown to Black Hat: Top 10 Sessions to Attend — #7

Black Hat USA 2019 is just weeks away, and with scores of training courses and research briefings to choose from, planning your schedule can be a challenge. To help you, we’re posting a weekly recommendation on our blog, and explaining why we think Qualys customers could find it useful and...

6.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/15 3:0 p.m.65 views

Countdown to Black Hat: Top 10 Sessions to Attend — #6

With Black Hat USA 2019 less than a month away, we continue our blog series with weekly recommendations of training courses and research briefings to attend at the conference. Our pick this week: the research briefing Controlled Chaos: The Inevitable Marriage of DevOps & Security. This 50-minute...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/11 2:30 p.m.60 views

Qualys Policy Compliance Notification: Policy Library Updates (April, May)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/11 2:20 p.m.129 views

Qualys Cloud Platform (VM, PC) 8.20.1 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.20.1, includes support for new technologies and platforms, addition of new technology for Windows UDCs as well as an update in an existing option name "Scan agent hosts in my target" in the Launch Vulnerability Scan page. Feature...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/09 6:12 p.m.290 views

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In...

7.8CVSS8.7AI score0.98745EPSS
Exploits7
Qualys Blog
Qualys Blog
added 2019/07/08 3:0 p.m.95 views

Countdown to Black Hat: Top 10 Sessions to Attend — #5

Black Hat USA 2019, which is only one month away, offers scores of training courses and research briefings, so every week we’re picking a session we believe Qualys customers will find valuable. This week’s selection is the training course Adversary Tactics -- Detection. This course focuses on...

6.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/01 4:0 p.m.36 views

Video Training Update, July 2019

The Qualys Training team released a major update to the Vulnerability Management Certified Training Course. We’ve also built out two new video libraries showing how to assess business process risk and how to secure cloud infrastructures in DevSecOps environments using AWS Golden AMI pipelines. An...

1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/07/01 3:0 p.m.30 views

Countdown to Black Hat: Top 10 Sessions to Attend — #4

With Black Hat USA 2019 fast approaching, we continue our blog series highlighting training sessions and research briefings that we think Qualys customers will find relevant and valuable. Our pick this week is the training session An Introduction To IoT Pentesting With Linux. The course offers “a...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/27 2:24 p.m.402 views

Qualys Cloud Platform (VM, PC) 8.20 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.20, includes several new features in Qualys Cloud Platform and additional support for multiple technologies in Qualys Policy Compliance. Feature Highlights Qualys Cloud Platform Configure Password Expiration Notification – Now users...

Exploits0
Qualys Blog
Qualys Blog
added 2019/06/25 12:5 a.m.185 views

Qualys Cloud Platform 2.39 New Features

This release of the Qualys Cloud Platform version 2.39 includes updates and new features for Out-of-Band Configuration Assessment OCA, Vulnerability Management, and Web Application Scanning, highlights as follows. Vulnerability Management Trending uses Include/Exclude Filters in Dashboard – Widge...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/24 2:52 p.m.93 views

Countdown to Black Hat: Top 10 Sessions to Attend — #3

We’re getting closer to Black Hat USA 2019, whose program is loaded with scores of research briefings and training courses. For attendees, it’s always a challenge to decide which ones to put on their schedule -- and which ones to leave out. To help with this task, we’re recommending a Black Hat U...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/17 3:0 p.m.88 views

Countdown to Black Hat: Top 10 Sessions to Attend — #2

Black Hat USA 2019 is still two months away, but it’s never too early for attendees to start planning their schedule. That’s why each week we’re recommending one session from the scores of research briefings and training courses that will be offered at the conference. Following our first pick las...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/14 10:27 p.m.395 views

Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)

Last week, Qualys issued a security advisory for a vulnerability we discovered during a code review of Exim. This vulnerability can lead to Remote Command Injection, and is currently being actively attacked in the wild. This blog will show you how to quickly identify assets that are impacted by...

7.5CVSS1.3AI score0.99961EPSS
Exploits27
Qualys Blog
Qualys Blog
added 2019/06/11 6:18 p.m.214 views

June 2019 Patch Tuesday – 88 Vulns, 21 Critical, Hyper-V Escape, Adobe Vulns

This month's Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microso...

9CVSS0.5AI score0.04716EPSS
Exploits2
Qualys Blog
Qualys Blog
added 2019/06/11 3:0 p.m.138 views

Alpine Docker Image Vulnerability (CVE-2019-5021): How to Detect and Fix

A vulnerability affecting the official Alpine Docker images version =3.3 contains a null password for the root user. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM, or some other mechanism that uses the system shadow...

10CVSS9.5AI score0.06263EPSS
Exploits2
Qualys Blog
Qualys Blog
added 2019/06/10 3:0 p.m.74 views

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/06 4:0 p.m.80 views

Integrating Threat and Vulnerability Management with Patch Management: The (Feasible) Quantum Leap

The rise of sophisticated attacks combined with the security-skills shortage have driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is definitely a winning one, given that shrinking and managing the vulnerability surface...

Exploits0
Qualys Blog
Qualys Blog
added 2019/06/03 4:0 p.m.101 views

Boosting Patch Management Is Key for Breach Prevention

Vulnerabilities that vendors have disclosed and issued patches for remain a major source of breaches. Why? Too many organizations take too long to deploy those patches -- or never do. That was the case with WannaCry. The ransomware exploited Windows vulnerability MS17-010, which Microsoft disclos...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/01 8:0 p.m.117 views

Third-Party User Enumeration Issue Resolved

We were recently made aware of a user enumeration issue on the login page of SumTotal’s training website, a learning management solution that Qualys uses for its training and certification site. Upon learning of the issue, we immediately worked through the vendor to get it fixed. The training...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/05/27 7:46 a.m.80 views

Qualys Cloud Platform (VM, PC) 8.19.1 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.19.1, includes newly added technology support for HP Safeguard and CISCO ACS 5, collected via Qualys Out-of-Band Configuration Assessment. Feature Highlights Qualys Policy Compliance PC New Technology Support - Qualys now supports th...

0.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/05/24 2:5 p.m.57 views

LinkedIn Faux Pas Shines Light on Certificate Management

Visibility and control of digital certificates remains a challenge for even the largest enterprises, as evidenced by a high profile incident this week affecting Microsoft’s LinkedIn. Users accessing LinkedIn on Tuesday got a warning from their browsers alerting them about an insecure connection...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/05/23 4:0 p.m.112 views

Boost Security with These Gartner-Recommended Projects

Is your security team struggling to decide which projects will slash risk the most without breaking the bank? If so, we believe your security leaders can end analysis paralysis by perusing Gartner’s “Top 10 Security Projects for 2019” report. As its title states, the report recommends ten securit...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/05/16 2:17 a.m.4726 views

Windows RDP Remote Code Execution Vulnerability (BlueKeep) – How to Detect and Patch

This month's Microsoft Patch Tuesday included a very high-risk vulnerability CVE-2019-0708, aka BlueKeep in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker or malware to execute code on the...

10CVSS1.2AI score0.99999EPSS
Exploits123
Qualys Blog
Qualys Blog
added 2019/05/15 4:0 p.m.86 views

Verizon’s DBIR Highlights Key Drivers of Security Risk

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report DBIR. The findings in this year’s report are based on data provided by more than 70 sources including Qualys about more than 41,000 security incidents,...

0.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/05/14 6:46 p.m.196 views

May 2019 Patch Tuesday – 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns

This month's Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution RCE in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidanc...

10CVSS1.1AI score0.99999EPSS
Exploits124
Qualys Blog
Qualys Blog
added 2019/05/09 10:33 a.m.124 views

Qualys Cloud Platform (VM, PC) 8.19 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.19, contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include an improved display of deadlines for remediation policies in VM; additional support for MS Exchange Server...

Exploits0
Qualys Blog
Qualys Blog
added 2019/04/26 7:4 a.m.40 views

Qualys Policy Compliance Notification: Policy Library Update (March)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

1.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/26 6:7 a.m.32 views

Qualys Cloud Platform (VM, PC) 8.18.2 New Features

This new release of the Qualys Cloud Platform, version 8.18.2.0, includes the new look for the App Picker, new technology support for Unix UDCs, and error code/text for errors that occur during control evaluation. Feature Highlights Qualys Cloud Platform The App Picker has a new look – The apps i...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/24 12:16 a.m.54 views

Call For Customer Presentations at Black Hat USA 2019!

Tell your security story to your peers at Black Hat USA 2019! Qualys is looking for customers excited to share your security story, for example: How you integrate security into DevOps Best practices for building security into modern enterprises Case studies leveraging the use of the Qualys Cloud...

1.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/22 8:40 a.m.2043 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3CVSS6.9AI score0.17139EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/18 4:0 p.m.29 views

Qualys Training Update, April 2019

The Qualys Training team has expanded the AssetView & Threat Protection course, and added two new training series: CertView and Troubleshooting Scanner Appliance Error Codes. These new additions build on last month’s update, when we introduced the new Vulnerability Management learning path, which...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/17 8:0 p.m.60 views

Monitoring AWS Golden AMI Pipelines with Slack

If your company uses Slack and is looking for ways to easily monitor activities in its AWS Golden AMI Pipeline, you can use AWS native services to send messages into a Slack channel. This can give your teams better visibility into the approval process for the candidate AMIs that they submit, as...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/10 7:8 p.m.55 views

Ancestry: On the Vanguard of DevOps Security

Grant Johnson, Ancestry's Director, Risk & Compliance This is a guest post by Grant Johnson, Director, Risk & Compliance at Ancestry Over the past two years, Ancestry moved its entire applications and data infrastructure from local data centers to Amazon’s cloud, and this required a new approach...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/04/10 5:47 p.m.45 views

Qualys Cloud Platform 2.38 New Features

This release of the Qualys Cloud Platform version 2.38 includes updates and new features for AssetView, Web Application Firewall, and Web Application Scanning, highlights as follows. AssetView Azure Instance State search token and Dynamic Tag Support – A new search token "azure.vm.state" is added...

0.1AI score
Exploits0
Total number of security vulnerabilities1089